Resources

Tools

• CSP Mitigator is a Chrome extension for applying a custom CSP policy to any application, based on the domain and path. It allows you to understand the impact of applying the given CSP policy, identify parts of your application which aren’t compatible with CSP, and guides you to make any necessary changes before deployment.
• CSP Evaluator helps you check if a chosen CSP policy is secure.

Analysis and research

• CSP paper - an investigation of the state of CSP on the Web and security analysis of real-world policies.

• CSP experiments 'strict-dynamic' playground - examples of JS widgets with a nonce-based policy.

Code

• Closure automatic noncing mode