Generate a Content Security Policy in minutes with our browser extensions for free, then view the results on Csper.
Content Security Policy (CSP) Generator Browser Extension.
Under the hood the extension injects a temporary content security policy in report-only mode, and then uses the violation reports from report-uri to create a policy.
The extension needs to be enabled on a website first. Once enabled, the extension will start collecting information on the page (using a policy in report-only mode). The tool works on a per-domain basis.
The extension is only able to generate a policy for the content that it sees. It's not critical to visit every page on the domain, but the better the policy is now, the less work for later.
The extension generates a list of all inline reports that need to be fixed before the policy can be put in enforce mode. You can either start moving these inline resources to their own file now or later.
The policy is generated! It's best to set this policy in report-only mode for a few days to capture the remaining missed content.
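How violation reports can be folded into a candidate policy plus a list of inline items to fix, as an added example that is not the extension's own code. The report field names follow the standard `csp-report` JSON body; the sample reports, the example hosts, and the choice to start from `default-src 'none'` are assumptions.

```javascript
// Added example: fold CSP violation reports into a candidate policy.
// Sample reports are constructed; the example.* hosts are placeholders.
const FOLD = { "script-src-elem": "script-src", "script-src-attr": "script-src",
               "style-src-elem": "style-src", "style-src-attr": "style-src" };

function buildPolicy(reports) {
  const sources = new Map();   // directive -> Set of source expressions
  const inlineToFix = [];      // inline/eval findings that need code changes
  for (const { "csp-report": r } of reports) {
    if (!r) continue;
    const raw = r["effective-directive"] || (r["violated-directive"] || "").split(" ")[0];
    if (!raw) continue;
    const directive = FOLD[raw] || raw;   // fold CSP3 sub-directives into their parent
    const blocked = r["blocked-uri"] || "";
    if (blocked === "inline" || blocked === "eval") {
      inlineToFix.push({ page: r["document-uri"], directive, kind: blocked, line: r["line-number"] ?? null });
      continue;                // never auto-allow inline code; report it instead
    }
    let expr;
    if (/^(data|blob)(:|$)/.test(blocked)) {
      expr = blocked.split(":")[0] + ":";
    } else {
      try {
        const origin = new URL(blocked).origin;
        expr = origin === new URL(r["document-uri"]).origin ? "'self'" : origin;
      } catch { continue; }    // unparseable blocked-uri: skip rather than guess
    }
    if (!sources.has(directive)) sources.set(directive, new Set());
    sources.get(directive).add(expr);
  }
  const parts = ["default-src 'none'"];   // assumption: deny by default, allow what was seen
  for (const d of [...sources.keys()].sort()) parts.push(`${d} ${[...sources.get(d)].sort().join(" ")}`);
  return { policy: parts.join("; "), inlineToFix };
}

const page = "https://app.example.com/";
const sampleReports = [
  { "csp-report": { "document-uri": page, "effective-directive": "script-src-elem", "blocked-uri": "https://cdn.example.net/lib.js" } },
  { "csp-report": { "document-uri": page, "effective-directive": "script-src-elem", "blocked-uri": "inline", "line-number": 12 } },
  { "csp-report": { "document-uri": page, "effective-directive": "img-src", "blocked-uri": "data" } },
  { "csp-report": { "document-uri": page, "effective-directive": "style-src-elem", "blocked-uri": "https://app.example.com/site.css" } },
  { "csp-report": { "document-uri": page, "violated-directive": "img-src 'none'", "blocked-uri": "https://img.example.org/a.png" } },
];
console.log(buildPolicy(sampleReports));
```

Inline and eval violations are kept out of the policy on purpose: allowing them would mean `'unsafe-inline'` or `'unsafe-eval'`, which is why they are listed for fixing instead.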
The extension allows you to email the results to yourself/your team for follow up.
You can also view the results within Csper to get more insight about the reports.