Content Security Policy (CSP) is an additional layer of security protection that can significantly reduce the risk and impact of web injection attacks like XSS on modern browsers. At Yahoo we are serious about enabling CSP on all major properties and have made significant progress towards that goal. Setting a CSP policy and fine-tuning it is a challenge because of feature and implementation disparities between browsers and between versions of the same browser. csptester.io is a tool to test policy behavior across multiple browsers, learn CSP and understand these disparities.
What is CSPTESTER.IO?
http://csptester.io is a Node.js-based web app that can frame a user’s HTML content and allow them to test CSP policies in a browser of their choice to see what fails/works. You may optionally even try XSS attacks against your code.
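To make the idea concrete, the following added example (not csptester.io's own code) shows how a Node.js tester could turn a user-supplied policy into the response headers for the framed page. The names `parsePolicy` and `framedResponse` and the sample HTML are hypothetical, and the sketch assumes the policy is sent as an HTTP header.

```javascript
// Added example, not csptester.io source. All names here are hypothetical.

// Parse a policy string following the CSP parsing rules: directives are split
// on ';', names are case-insensitive, and a repeated directive is ignored
// (the first occurrence wins).
function parsePolicy(policy) {
  const directives = new Map();
  for (const part of policy.split(';')) {
    const tokens = part.trim().split(/\s+/).filter(Boolean);
    if (tokens.length === 0) continue;
    const name = tokens[0].toLowerCase();
    if (!directives.has(name)) directives.set(name, tokens.slice(1));
  }
  return directives;
}

// Build the response for the framed test page. The policy is user input that
// ends up in a header, so reject control characters (header injection).
function framedResponse(html, policy, { reportOnly = false } = {}) {
  if (/[\r\n\0]/.test(policy)) throw new Error('control character in policy');
  const parsed = parsePolicy(policy);
  if (parsed.size === 0) throw new Error('empty policy');
  const header = reportOnly
    ? 'Content-Security-Policy-Report-Only' // log violations, block nothing
    : 'Content-Security-Policy';            // enforce the policy
  // Re-serialize from the parsed form so what is sent is what was checked.
  const value = [...parsed].map(([n, v]) => [n, ...v].join(' ')).join('; ');
  return {
    status: 200,
    headers: {
      'Content-Type': 'text/html; charset=utf-8',
      'X-Content-Type-Options': 'nosniff',
      [header]: value,
    },
    body: html,
  };
}

// Constructed sample: an inline script that this policy should block, plus a
// duplicate script-src directive that a browser would ignore.
const sampleHtml = '<p>hello</p><script>document.title = "ran"</script>';
const sample = framedResponse(
  sampleHtml, "default-src 'self'; SCRIPT-SRC 'self'; script-src *");
```

Re-serializing the parsed policy makes the ignored duplicate visible: the header that is sent contains only the first `script-src`, which is what the browser would enforce.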