Policy Generator (Free)

Generate a Content Security Policy in minutes with our browser extensions for free, then view the results on Csper.

View on Chrome Extension Store | View on Firefox Addon Store


Content Security Policy (CSP) Generator Browser Extension.


How it works

Under the hood, the extension injects a temporary Content Security Policy in report-only mode, then uses the violation reports sent via report-uri to create a policy.


1. Enable on a specific website

The extension needs to be enabled on a website first. Once enabled, the extension will start collecting information on the page (using a policy in report-only mode). The tool works on a per-domain basis.

2. Visit a couple of pages

The extension is only able to generate a policy for the content that it sees. It's not critical to visit every page on the domain, but the better the policy is now, the less work for later.


3. Fix/Inspect inline reports

The extension generates a list of all inline reports that need to be fixed before the policy can be put in enforce mode. You can either start moving these inline resources to their own file now or later.

4. All done!

The policy is generated! It's best to set this policy in report-only mode for a few days to capture the remaining missed content.

The extension allows you to email the results to yourself/your team for follow up.

You can also view the results within Csper to get more insight about the reports.
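
The collection step described under "How it works", as an added example (not Csper's or the extension's own code): it folds report-uri violation reports into a candidate policy plus the list of inline violations that still need fixing. The sample reports, the `shop.example` and `cdn.example` hosts, and the `default-src 'none'` baseline are assumptions made for illustration.

```javascript
// Constructed sample reports; field names follow the "csp-report" JSON
// body that browsers POST to a report-uri endpoint.
const sampleReports = [
  { "document-uri": "https://shop.example/", "effective-directive": "script-src-elem", "blocked-uri": "https://cdn.example/app.js" },
  { "document-uri": "https://shop.example/", "effective-directive": "img-src", "blocked-uri": "https://shop.example/logo.png" },
  { "document-uri": "https://shop.example/cart", "effective-directive": "img-src", "blocked-uri": "data" },
  { "document-uri": "https://shop.example/cart", "effective-directive": "style-src-elem", "blocked-uri": "inline" },
  { "document-uri": "https://shop.example/cart", "effective-directive": "script-src-attr", "blocked-uri": "inline" },
];

// Map a blocked-uri to a CSP source expression; undefined if unusable.
function toSource(blocked, pageOrigin) {
  if (blocked === "self") return "'self'";
  if (/^[a-z][a-z0-9+.-]*$/i.test(blocked)) return blocked + ":"; // bare scheme, e.g. data
  try {
    const origin = new URL(blocked).origin;
    return origin === pageOrigin ? "'self'" : origin;
  } catch {
    return undefined; // empty or malformed blocked-uri
  }
}

function buildPolicy(reports) {
  const directives = new Map(); // directive name -> Set of allowed sources
  const inline = [];            // violations that need a code change, not an allowlist entry
  for (const r of reports) {
    // Fold CSP3 -elem/-attr directives into their parent for older browsers.
    const dir = (r["effective-directive"] || r["violated-directive"] || "")
      .split(" ")[0].replace(/-(elem|attr)$/, "");
    const blocked = r["blocked-uri"] || "";
    if (!dir || !r["document-uri"]) continue;
    if (blocked === "inline" || blocked === "eval") {
      // Never auto-allow 'unsafe-inline' or 'unsafe-eval'; surface for review.
      inline.push({ page: r["document-uri"], directive: dir, kind: blocked });
      continue;
    }
    const src = toSource(blocked, new URL(r["document-uri"]).origin);
    if (!src) continue;
    if (!directives.has(dir)) directives.set(dir, new Set());
    directives.get(dir).add(src);
  }
  const parts = ["default-src 'none'"]; // assumed baseline: allow only what was observed
  for (const dir of [...directives.keys()].sort())
    parts.push(`${dir} ${[...directives.get(dir)].sort().join(" ")}`);
  return { policy: parts.join("; "), inline };
}
```

Deploy the resulting string in a `Content-Security-Policy-Report-Only` header first, as step 4 advises, so content missed during browsing shows up as reports rather than breakage.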
