CSP Tester - extension for Chrome/Chromium-based browsers

Posted on 14 July 2013 in misc

Content Security Policy (CSP) is a mechanism to mitigate one of the most common web application issues, Cross-Site Scripting (XSS). CSP is a declarative policy that allows an application to inform the browser about the specific locations from which the application expects resources, such as scripts and images, to be loaded.

To make the process of implementing CSP for a target web application easier, I've made an extension for Chrome and Chromium-based browsers called "CSP Tester".

Features:

  • Simple (with parsed directives) and Advanced (raw editing of header content) modes
  • CSP version 1.0 support
  • Both the Content-Security-Policy and X-WebKit-CSP headers are added
  • Help links from each directive to its description on www.w3.org/TR/CSP

Source code is available on GitHub: https://github.com/oxdef/csp-tester.
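To illustrate what "parsed directives" and adding both headers involve, here is an added example (not code from the CSP Tester extension) that splits a raw CSP 1.0 policy into directives and emits it under both header names. The function names and the sample policy are assumptions made for this example.

```javascript
// Added example, not taken from the CSP Tester source.
// Directive names defined by the CSP 1.0 specification.
const CSP10_DIRECTIVES = new Set([
  "default-src", "script-src", "object-src", "style-src", "img-src",
  "media-src", "frame-src", "font-src", "connect-src", "sandbox", "report-uri",
]);

// Parse a raw policy string into { directives, unknown } ("Simple" view).
function parsePolicy(raw) {
  const directives = {};
  const unknown = [];
  for (const token of raw.split(";")) {
    const parts = token.trim().split(/\s+/).filter(Boolean);
    if (parts.length === 0) continue;        // empty token, e.g. trailing ";"
    const name = parts[0].toLowerCase();     // directive names are case-insensitive
    if (!CSP10_DIRECTIVES.has(name)) {       // not a CSP 1.0 directive: report it
      unknown.push(name);
      continue;
    }
    if (name in directives) continue;        // CSP 1.0: a repeated directive is ignored
    directives[name] = parts.slice(1);
  }
  return { directives, unknown };
}

// Turn the parsed form back into a header value ("Advanced" view).
function serializePolicy(directives) {
  return Object.entries(directives)
    .map(([name, values]) => [name, ...values].join(" "))
    .join("; ");
}

// Emit the same policy under the standard and the WebKit-prefixed header.
function buildHeaders(raw) {
  const value = serializePolicy(parsePolicy(raw).directives);
  return ["Content-Security-Policy", "X-WebKit-CSP"].map((name) => ({ name, value }));
}

// Constructed sample policy: mixed case, a duplicate and an unknown directive.
const SAMPLE_POLICY =
  "default-src 'self'; SCRIPT-SRC 'self' https://cdn.example.com; " +
  "script-src 'unsafe-inline'; bogus-src x; ";

console.log(parsePolicy(SAMPLE_POLICY));
console.log(buildHeaders(SAMPLE_POLICY));
```

The ignored duplicate matters when testing a policy: a second `script-src` that appears to loosen or tighten the first has no effect, so a parsed view makes the effective policy visible.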
