Content security policy

Enforcer: Content-Security-Policy Tester/Analyzer https://chrome.google.com/webstore/detail/caspr-enforcer/fekcdjkhlbjngkimekikebfegbijjafd 4 comments 7/9/2014 netsec

Bug: Safari’s default <audio>/<video> controls blocked when applying a Content-Security-Policy https://www.ctrl.blog/entry/safari-csp-media-controls 2 comments 21/11/2018 webdev

Just wondering, how many of you here use Content-Security-Policy or Public-Key-Pins headers on your website? https://www.reddit.com/r/webdev/comments/6of2yr/just_wondering_how_many_of_you_here_use/ 7 comments 20/7/2017 webdev

Content Security Policies are absolute swiss cheese https://www.lunasec.io/docs/blog/csp/ 2 comments 9/12/2021 programming

My Shopify Site is "Blocked by Content Security Policy" https://www.reddit.com/r/shopify/comments/c2waud/my_shopify_site_is_blocked_by_content_security/ 5 comments 20/6/2019 shopify

How Do I set up Content Security Policies? https://stackoverflow.com/questions/27464168/how-to-include-scripts-located-inside-the-node-modules-folder 3 comments 12/9/2018 node

Content Security Policy for Dummies https://r0075h3ll.github.io/CSP-for-Dummies/ 2 comments 12/5/2022 netsec

how important is content security policy? https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-XSS-Protection 11 comments 18/3/2022 flask

Fix Content Security Policy violations? http://localhost:3000/mini-profiler-resources/includes.js?v=35a79b300ab5afa978cb59af0b05e059 5 comments 11/9/2021 rails

Having an issue with Content Security Policy https://github.com/AvianOverlord/React-Quiz-2.0/tree/public 13 comments 23/2/2021 heroku

Content Security Policy - protect your website from XSS attacks https://itsopensource.com/content-security-policy/ 3 comments 31/10/2020 javascript

Content Security Policy (CSP) Bypasses http://ghostlulz.com/content-security-policy-csp-bypasses/ 3 comments 15/2/2020 netsec

content security policy using sinatra and heroku https://github.com/grempe/rack-content_security_policy 3 comments 13/2/2020 ruby

Your website needs a Content Security Policy. Here's why https://lukasvileikis.com/your-website-needs-a-csp-heres-why/ 8 comments 5/4/2018 netsec

Content Security Policy Report Aggregator https://caspr.io 3 comments 20/8/2014 netsec

Curious case of Content Security Policy (CSP) https://www.vinaybhinde.in/2020/08/a-curious-case-of-content-security-policy-csp/ 14 comments 9/8/2020 javascript

cspparse: A tool to evaluate Content Security Policies. https://github.com/c0rb3n/cspparse 4 comments 26/9/2018 netsec

Content Security Policy coming to Rails 5.2, how to introduce it? https://bauland42.com/ruby-on-rails-content-security-policy-csp/ 4 comments 6/4/2018 rails

Reshaping web defenses with strict Content Security Policy https://security.googleblog.com/2016/09/reshaping-web-defenses-with-strict.html 3 comments 26/9/2016 netsec

Genius's "annotate anywhere" feature has been stripping content security policy http://www.theverge.com/2016/5/25/11505454/news-genius-annotate-the-web-content-security-policy-vulnerability 5 comments 25/5/2016 netsec

Implementing Content Security Policy at Dropbox https://blogs.dropbox.com/tech/tag/content-security-policy/ 3 comments 14/10/2015 netsec

XSS is the #1 security problem on the web... Content Security Policy is the fix http://www.youtube.com/watch?v=pocsv39pNXA 5 comments 17/6/2013 netsec

Mozillas Content Security Policy - Finally a useful tool against XSS http://bottiger.org/wrote/21-mozillas-content-security-policy 9 comments 24/6/2011 netsec

Newspipe - configure your Content Security Policy per instance. https://github.com/cedricbonhomme/newspipe/releases/tag/v9.3.0 6 comments 22/3/2020 selfhosted

When desperate, can I change Firefox's handling of Content Security Policy, for a single tab? https://www.reddit.com/r/firefox/comments/fer3vu/when_desperate_can_i_change_firefoxs_handling_of/ 7 comments 7/3/2020 firefox

Stop XSS in its tracks forever with the Content Security Policy HTTP Header http://www.html5rocks.com/en/tutorials/security/content-security-policy/ 5 comments 9/2/2016 webdev

Help implementing a nonce based Content Security Policy in React https://csp.withgoogle.com/docs/adopting-csp.html 3 comments 4/4/2019 reactjs

How a Content Security Policy (CSP) Could Have Protected Newegg https://blog.sentry.io/2018/09/20/content-security-policy-newegg-breach 17 comments 20/9/2018 programming

Mitigate cross-site scripting (XSS) with a strict Content Security Policy (CSP) https://web.dev/strict-csp/ 2 comments 15/3/2021 webdev

Content Security Policy is going to make the web safer. Learn how it works and give it a test drive. http://cspplayground.com 3 comments 31/7/2013 programming

Neatly bypassing Content Security Policy. Why 'unsafe-inline' is almost always a full-fledged XSS https://lab.wallarm.com/how-to-trick-csp-in-letting-you-run-whatever-you-want-73cb5ff428aa 10 comments 10/7/2018 netsec

CSP Is Dead, Long Live CSP! On the Insecurity of Whitelists and the Future of Content Security Policy https://research.google.com/pubs/pub45542.html 3 comments 1/9/2016 netsec

microsoft's edge web browser comes with a hidden whitelist file designed to allow facebook to circumvent the built-in click-to-play security policy to autorun flash content without having to ask for user consent. https://www.bleepingcomputer.com/news/security/microsoft-edge-secret-whitelist-allows-facebook-to-autorun-flash/ 39 comments 22/2/2019 privacy

I created script-src-generator, a binary cli and Go package for generating script-src directives for a Content Security Policy (CSP) - what does everyone else use? https://github.com/JOT85/script-src-generator 2 comments 9/6/2024 golang