References and Learning
- CSP 1.0 Spec
- CSP 1.1 Spec – Still in Draft status
- HTML5 Rocks Introduction to CSP – Excellent examples
- Web Application Security Working Group
- OWASP CSP Overview
- CSP Quick Reference
Policy Builders and Tools
- CSP is Awesome – CSP Policy Generator
- CSP Recommendation Bookmarklet – Bookmarklet for Policy Creation
- Can I Use: Content Security Policy – Current Browser Support
- CSP AiDer/CSP Recommender – Site Analyzer with Policy Creation
- UserCSP – Firefox Extension to Generate and Apply CSP on the Client Side
Case Studies and Examples
- SendSafely Blog: “Retrofitting Code For Content Security Policy” – CSP on SendSafely.com and updating ReCAPTCHA
- GitHub Blog: “Content Security Policy” – CSP on Github.com
- Twitter Blog: “Improving Browser Security With CSP” – CSP on mobile.twitter.com
- Ben Summers’ Blog: “Strategies for implementing Content Security Policy” – CSP on oneis.co.uk
Browser Implementation Details and Tests
- Chromium CSP Test Suite
- CSP Readiness Tests and csptesting.herokuapp.com – In-browser CSP tests