With Content Security Policy, and reporting provided by Report URI, you can take full control of the resources that are permitted to load on your site. Taking control of where JavaScript can be loaded and executed from is a powerful mitigation for one of the most common forms of attack seen against web applications, Cross-Site Scripting (XSS).
Whilst the main attraction of CSP is mitigating Cross-Site Scripting attacks, it has a lot more to offer. Here are just a few of the things that you can do with CSP:
Detect mixed-content
Control where forms can post data
Restrict loading of any content type
Automatically fix mixed-content
Control nested browsing contexts
Defend against click-jacking
Getting started with CSP can be daunting, which is why we created The CSP Wizard to help you! With a single line of code or config, depending on your platform, you can get started using the CSP Wizard.
The problem we set out to solve was finding every piece of content you have on your site that needs to go in your CSP. Scripts, styles, images and everything else. You name it, it needs to go in your CSP. But then what about form actions? XHRs? Parent and child browsing contexts? It can be a tricky task.
With the CSP Wizard we ask the browser to report back to us and tell us everything that exists on a page that would need to be whitelisted in your CSP. With these reports we can present you with everything you need to build a perfect policy.
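The general idea of turning browser reports into a policy can be sketched as follows. This is an added example, not Report URI's code or the CSP Wizard's implementation: it assumes reports arrive in the standard `csp-report` JSON body that browsers send, the sample reports are constructed, and `report`, `buildPolicy` and `SCHEMES` are hypothetical names.

```javascript
// Added example, not Report URI's code. Sample reports are constructed.
function report(directive, blocked) {
  return { "csp-report": {
    "document-uri": "https://example.com/page",
    "effective-directive": directive,
    "blocked-uri": blocked,
  } };
}
const sampleReports = [
  report("script-src-elem", "https://cdn.example.net/lib/app.js"),
  report("script-src-elem", "https://example.com/js/site.js"),
  report("img-src", "https://cdn.example.net/logo.png"),
  report("img-src", "data"),
  report("style-src-elem", "inline"),
  report("form-action", "https://pay.example.org/checkout"),
];

// Scheme-only values a browser may put in blocked-uri; they map to scheme sources.
const SCHEMES = new Set(["data", "blob", "filesystem"]);

function buildPolicy(reports) {
  const sources = new Map(); // directive -> Set of source expressions
  const needsReview = [];    // inline, eval, malformed: never auto-allowed
  for (const wrapper of reports) {
    const r = (wrapper && wrapper["csp-report"]) || {};
    const blocked = r["blocked-uri"];
    if (!r["effective-directive"] || !blocked) continue;
    // script-src-elem / style-src-attr are folded into their base directive
    const directive = r["effective-directive"].replace(/-(elem|attr)$/, "");
    let source;
    if (SCHEMES.has(blocked)) {
      source = blocked + ":";
    } else {
      try {
        const origin = new URL(blocked).origin;
        const self = new URL(r["document-uri"]).origin;
        source = origin === self ? "'self'" : origin;
      } catch {
        needsReview.push(`${directive}: ${blocked}`); // e.g. "inline", "eval"
        continue;
      }
    }
    if (!sources.has(directive)) sources.set(directive, new Set());
    sources.get(directive).add(source);
  }
  const policy = [...sources.keys()].sort()
    .map((d) => `${d} ${[...sources.get(d)].sort().join(" ")}`)
    .join("; ");
  return { policy, needsReview };
}
console.log(buildPolicy(sampleReports));
```

Entries that land in `needsReview` (inline script or style, eval) are better handled with nonces or hashes than by adding `'unsafe-inline'` or `'unsafe-eval'` to the policy.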