Content Security Policy Generator

🌐Community
by jeremylongshore · vlatest · Repository

Generates secure Content Security Policies to mitigate XSS attacks based on website structure and desired content sources.

Install on your platform

1. Run in terminal (recommended):

claude mcp add content-security-policy-generator npx -- -y @trustedskills/content-security-policy-generator

2. Or manually add to ~/.claude/settings.json:

{
  "mcpServers": {
    "content-security-policy-generator": {
      "command": "npx",
      "args": [
        "-y",
        "@trustedskills/content-security-policy-generator"
      ]
    }
  }
}

Requires Claude Code (claude CLI). Run claude --version to verify your install.

About This Skill

What it does

This skill generates Content Security Policy (CSP) headers. A CSP is a crucial security mechanism that helps protect web applications from cross-site scripting (XSS) and other code injection attacks by declaring the allowed sources for resources such as scripts, stylesheets, and images. The generator simplifies creating these policies based on your application's needs.

When to use it

  • Securing a new website: Generate a baseline CSP when launching a new web project.
  • Hardening an existing site: Improve the security posture of an older website by implementing or refining its CSP.
  • Responding to security audits: Quickly create CSPs as part of addressing recommendations from security assessments.
  • Enforcing stricter resource loading: Control exactly where your application can load resources from, mitigating potential vulnerabilities.

Key capabilities

  • Generates CSP headers based on provided directives.
  • Simplifies the creation of complex CSP rules.
  • Helps mitigate XSS and other code injection attacks.

Example prompts

  • "Generate a Content Security Policy that allows scripts only from example.com."
  • "Create a CSP allowing images from data: URLs and example.net."
  • "I need a CSP for a site using inline styles and fonts from Google Fonts, please generate one."

Tips & gotchas

The generated CSP may require adjustments based on your specific application's needs and dependencies. Thoroughly test any changes to your CSP in a staging environment before deploying them to production.
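One way to check a policy before the staging test described above, as an added example that is not the skill's own code or output: it assembles a header from a directive map, rejects source values that could smuggle in extra directives, flags weakening keywords, and can emit the report-only header for a trial run. The function names and the sample policy (the Google Fonts prompt, using the hosts fonts.googleapis.com and fonts.gstatic.com) are assumptions.

```javascript
// Added example: assemble and lint a CSP before rollout. All names are hypothetical.
const KEYWORDS = new Set(["self", "none", "unsafe-inline", "unsafe-eval", "strict-dynamic"]);

// Quote CSP keywords; reject values that could smuggle extra directives or headers.
function normalizeSource(src) {
  if (src === "" || /[\s;,]/.test(src)) {
    throw new Error(`invalid source expression: ${JSON.stringify(src)}`);
  }
  const bare = src.replace(/^'|'$/g, "");
  return KEYWORDS.has(bare) ? `'${bare}'` : src;
}

// directives: { "script-src": ["self", "https://example.com"], ... }
function buildCsp(directives) {
  return Object.entries(directives)
    .map(([name, sources]) => {
      if (!/^[a-z-]+$/.test(name)) throw new Error(`invalid directive name: ${name}`);
      return [name, ...sources.map(normalizeSource)].join(" ");
    })
    .join("; ");
}

// Return human-readable warnings for settings that weaken XSS protection.
function lintCsp(directives) {
  const warnings = [];
  if (!("default-src" in directives)) warnings.push("no default-src fallback");
  for (const [name, sources] of Object.entries(directives)) {
    for (const s of sources.map(normalizeSource)) {
      if (s === "'unsafe-inline'" || s === "'unsafe-eval'") warnings.push(`${name} allows ${s}`);
      if (s === "*" || s === "https:" || s === "http:") warnings.push(`${name} allows any host via ${s}`);
    }
  }
  return warnings;
}

// Report-only mode reports violations without blocking, which suits a staging pass.
function cspHeader(directives, { reportOnly = false } = {}) {
  const name = reportOnly ? "Content-Security-Policy-Report-Only" : "Content-Security-Policy";
  return { [name]: buildCsp(directives) };
}

// Constructed sample: inline styles plus fonts from Google Fonts.
const fontsPolicy = {
  "default-src": ["self"],
  "style-src": ["self", "unsafe-inline", "https://fonts.googleapis.com"],
  "font-src": ["https://fonts.gstatic.com"],
};
console.log(cspHeader(fontsPolicy, { reportOnly: true }), lintCsp(fontsPolicy));
```

The lint warning on style-src is expected for this sample: inline styles require 'unsafe-inline' unless the page moves to nonces or hashes.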

TrustedSkills Verification

Unlike other registries that point to live repositories, TrustedSkills pins every skill to a verified commit hash. This protects you from malicious updates — what you install today is exactly what was reviewed and verified.

Security Audits

Gen Agent Trust Hub: Pass
Socket: Pass
Snyk: Pass

Details

Version: vlatest
License:
Author: jeremylongshore
Installs: 23

Passed automated security scans.