Content Security Policy (CSP) is a mechanism for mitigating one of the most common web application issues, Cross-Site Scripting (XSS). CSP is a declarative policy that lets an application tell the browser which sources it expects its resources, such as scripts and images, to be loaded from.
To make implementing CSP for a target web application easier, I've made an extension for Chrome and Chromium-based browsers called "CSP Tester".
- Simple (with parsed directives) and Advanced (raw editing of header content) modes
- CSP version 1.0 support
- X-WebKit-CSP headers both are added
- Help links for directives to corresponding descriptions on www.w3.org/TR/CSP
Source code is available on GitHub: https://github.com/oxdef/csp-tester
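
To illustrate what editing a policy as parsed directives involves, here is an added example (not code from CSP Tester) that parses a CSP 1.0 header value, resolves the `default-src` fallback, and flags script sources that weaken XSS protection. The function names and the sample header are assumptions constructed for this illustration.

```javascript
// Added example; parseCsp, effectiveSources, weakScriptSources and
// serializeCsp are hypothetical names, not part of the CSP Tester extension.

// Split a header value into a Map of directive name -> source list.
function parseCsp(headerValue) {
  const policy = new Map();
  for (const token of headerValue.split(';')) {
    const parts = token.trim().split(/\s+/).filter(Boolean);
    if (parts.length === 0) continue;       // empty directive, e.g. trailing ';'
    const name = parts[0].toLowerCase();    // directive names are case-insensitive
    if (policy.has(name)) continue;         // a repeated directive is ignored
    policy.set(name, parts.slice(1));
  }
  return policy;
}

// CSP 1.0 directives that fall back to default-src when absent.
const FALLBACK = new Set(['script-src', 'object-src', 'style-src', 'img-src',
  'media-src', 'frame-src', 'font-src', 'connect-src']);

// Source list the browser actually enforces for a directive,
// or null when the policy does not restrict that resource type.
function effectiveSources(policy, directive) {
  if (policy.has(directive)) return policy.get(directive);
  if (FALLBACK.has(directive) && policy.has('default-src')) {
    return policy.get('default-src');
  }
  return null;
}

// Script sources that undo most of the XSS mitigation CSP provides.
// An unrestricted policy is reported as '*'.
function weakScriptSources(policy) {
  const sources = effectiveSources(policy, 'script-src') || ['*'];
  const weak = new Set(["'unsafe-inline'", "'unsafe-eval'", '*']);
  return sources.filter((s) => weak.has(s.toLowerCase()));
}

// Turn the parsed directives back into a raw header value.
function serializeCsp(policy) {
  return [...policy].map(([name, src]) => [name, ...src].join(' ')).join('; ');
}

// Constructed sample header (not taken from any real site).
const SAMPLE = "default-src 'self'; IMG-SRC *; " +
  "script-src 'self' 'unsafe-inline' https://cdn.example.com; script-src 'none';";
const parsed = parseCsp(SAMPLE);
console.log(serializeCsp(parsed), weakScriptSources(parsed));
```

Note that the second `script-src 'none'` in the sample has no effect: only the first occurrence of a directive counts, so the permissive one wins.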