Create CSP & Evaluate Security
Generate a Content Security Policy, evaluate it for weaknesses, then check related security headers.
When to use this recipe
Build and verify CSP policies iteratively. Generate, evaluate, fix weaknesses, and ensure all supporting security headers are in place.
Steps
CSP Generator
Try this tool → Create the CSP policy
CSP Evaluator
Try this tool → Audit CSP for weaknesses
Security Header Checker
Try this tool → Check supporting security headers
Frequently asked questions
What makes a CSP weak?
Common weaknesses: unsafe-inline (allows XSS), unsafe-eval (allows code injection), wildcard sources (*.example.com), and missing default-src fallback.
How do I fix CSP violations without unsafe-inline?
Use nonces (nonce-{random}) or hashes (sha256-{hash}) for inline scripts. For styles, extract to external files or use style-src with hashes.
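The two answers above can be turned into an automated check. This is an added example, not code from the CSP Evaluator tool: it flags the four weaknesses listed and treats 'unsafe-inline' as neutralized when a nonce or hash is present. The function names, finding labels and sample policies are assumptions made for illustration.

```javascript
// Added example: names are hypothetical, not the CSP Evaluator tool's API.
function parseCsp(policy) {
  const directives = new Map();
  for (const part of policy.split(';')) {
    const tokens = part.trim().split(/\s+/).filter(Boolean);
    if (tokens.length === 0) continue;
    const name = tokens[0].toLowerCase();
    // A repeated directive is ignored by browsers; keep the first one.
    if (!directives.has(name)) directives.set(name, tokens.slice(1));
  }
  return directives;
}

function auditCsp(policy) {
  const directives = parseCsp(policy);
  const findings = [];
  if (!directives.has('default-src')) findings.push('missing-default-src');
  for (const name of ['script-src', 'style-src']) {
    // script-src and style-src fall back to default-src when absent.
    const sources = directives.get(name) || directives.get('default-src');
    if (!sources) continue; // already reported as missing-default-src
    const lower = sources.map((s) => s.toLowerCase());
    const hasNonceOrHash = lower.some((s) => /^'(nonce-|sha(256|384|512)-)/.test(s));
    // Browsers supporting CSP Level 2+ ignore 'unsafe-inline' once a nonce or hash is listed.
    if (lower.includes("'unsafe-inline'") && !hasNonceOrHash) {
      findings.push(`${name}:unsafe-inline`);
    }
    if (lower.includes("'unsafe-eval'")) findings.push(`${name}:unsafe-eval`);
    for (const s of lower) {
      const isWildcard = s === '*' || /^([a-z][a-z0-9+.-]*:\/\/)?\*\./.test(s);
      if (isWildcard) findings.push(`${name}:wildcard:${s}`);
    }
  }
  return findings;
}

// Constructed sample policies; the nonce and hash values are placeholders.
// A real nonce must be freshly generated at random for every response.
const WEAK_POLICY =
  "script-src 'self' 'unsafe-inline' 'unsafe-eval' *.example.com; style-src 'self'";
const FIXED_POLICY =
  "default-src 'self'; script-src 'self' 'nonce-PLACEHOLDER' 'unsafe-inline'; " +
  "style-src 'self' 'sha256-PLACEHOLDER='";

console.log(auditCsp(WEAK_POLICY));
console.log(auditCsp(FIXED_POLICY));
```

In the fixed policy, 'unsafe-inline' is kept only as a fallback for browsers that predate nonce support; the auditor does not flag it because a nonce is listed alongside it.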