Example Usage
{
    "report-only": false,
    "report-to": "PolicyName",
    "report-uri": "/csp_violation_reporting_endpoint",
    "base-uri": [],
    "default-src": [],
    "child-src": {
        "allow": [
            "https://www.youtube.com",
            "https://www.youtube-nocookie.com"
        ],
        "self": false
    },
    "connect-src": [],
    "font-src": {
        "self": true
    },
    "form-action": {
        "allow": [
            "https://example.com"
        ],
        "self": true
    },
    "frame-ancestors": [],
    "img-src": {
        "blob": true,
        "self": true,
        "data": true
    },
    "media-src": [],
    "object-src": [],
    "plugin-types": [],
    "script-src": {
        "allow": [
            "https://www.google-analytics.com"
        ],
        "self": true,
        "unsafe-inline": false,
        "unsafe-eval": false
    },
    "style-src": {
        "self": true
    },
    "upgrade-insecure-requests": true
}