

Show HN: Web Security: CSPTESTER.IO – Test & Learn CSP on modern browsers - rbinu
https://github.com/yahoo/csptester

======
rbinu
Content Security Policy (CSP) is an additional layer of security protection
that can significantly reduce the risk and impact of web injection attacks
like XSS on modern browsers. At Yahoo we are serious about enabling CSP on all
major properties and have made significant progress towards that goal. Setting
the CSP policy and fine-tuning it is a challenge because of feature and
implementation disparities between versions or browsers. csptester.io is a
tool to test policy behavior across multiple browsers, learn CSP and
understand disparities.

What is CSPTESTER.IO?

[http://csptester.io](http://csptester.io) is a Node.js-based web app that can
frame a user’s HTML content and allow them to test CSP policies in a browser
of their choice to see what fails/works. You may optionally even try XSS
attacks against your code.

