ToolypetMCP
Intermediate · 4 minutes · cross hub

Create CSP & Evaluate Security

Generate a Content Security Policy, evaluate it for weaknesses, then check related security headers.

Tags: csp, security-headers, audit, web-security

When to use this recipe

Build and verify CSP policies iteratively. Generate, evaluate, fix weaknesses, and ensure all supporting security headers are in place.

Steps

1. CSP Generator (try this tool)

Create the CSP policy.

Prompt: Generate a strict CSP for a React SPA that uses Google Fonts, a CDN for images, and Stripe for payments

2. CSP Evaluator (try this tool)

Audit the CSP for weaknesses.

Prompt: Evaluate the generated CSP: check for unsafe-inline, unsafe-eval, wildcard sources, and missing directives

3. Security Header Checker (try this tool)

Check the supporting security headers.

Prompt: Verify complementary headers: X-Content-Type-Options, X-Frame-Options, Referrer-Policy alongside the CSP

Frequently asked questions

What makes a CSP weak?

Common weaknesses: unsafe-inline (lets injected inline script run, i.e. XSS), unsafe-eval (lets strings be executed as code), wildcard sources (such as *.example.com, which trust every subdomain), and a missing default-src fallback, so any directive you forget to set is left unrestricted.

How do I fix CSP violations without unsafe-inline?

Use nonces (nonce-{random}, generated fresh for every response) or hashes (sha256-{hash} of the exact script body) for inline scripts. For styles, extract them to external files or allow them via style-src with hashes.
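The evaluate-then-harden loop of steps 1 and 2 and the two FAQ answers, as an added Python example that is not part of Toolypet's tooling: it parses a CSP header value, flags the four weaknesses named above, and shows the hash-based replacement for unsafe-inline. The sample policy and CDN hostname are constructed placeholders.

```python
import base64
import hashlib

# Constructed sample for the recipe's scenario (React SPA, Google Fonts, image CDN, Stripe); the CDN host is a placeholder.
SAMPLE_CSP = (
    "script-src 'self' 'unsafe-inline' https://js.stripe.com; "
    "style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; "
    "img-src 'self' https://*.img-cdn.example; "
    "font-src https://fonts.gstatic.com"
)

def parse_csp(policy):
    """Split a CSP header value into {directive: [source tokens]}."""
    directives = {}
    for part in policy.split(";"):
        tokens = part.split()
        if tokens:
            directives[tokens[0].lower()] = tokens[1:]
    return directives

def evaluate_csp(policy):
    """Findings for the recipe's named weaknesses: unsafe-inline, unsafe-eval, wildcards, no default-src."""
    d = parse_csp(policy)
    findings = []
    if "default-src" not in d:
        findings.append("missing default-src fallback")
    for name, sources in d.items():
        if "'unsafe-inline'" in sources:
            findings.append(f"{name}: 'unsafe-inline' lets injected inline code run")
        if "'unsafe-eval'" in sources:
            findings.append(f"{name}: 'unsafe-eval' lets strings be executed as code")
        for s in sources:
            if "*" in s:
                findings.append(f"{name}: wildcard source {s}")
    return findings

def script_hash(inline_js):
    """Hash source for one inline script body (FAQ's sha256-{hash}); a fresh nonce-{random} per response is the alternative."""
    digest = hashlib.sha256(inline_js.encode("utf-8")).digest()
    return "'sha256-" + base64.b64encode(digest).decode("ascii") + "'"

def harden(policy, inline_scripts=()):
    """Swap 'unsafe-inline' in script-src for per-script hashes and add a default-src fallback.
    Inline styles are left for the author to externalise or hash, so they remain findings."""
    d = parse_csp(policy)
    d.setdefault("default-src", ["'none'"])
    scripts = [s for s in d.get("script-src", []) if s != "'unsafe-inline'"]
    d["script-src"] = scripts + [script_hash(js) for js in inline_scripts]
    return "; ".join(f"{k} {' '.join(v)}" for k, v in d.items())
```

Running evaluate_csp on the sample reports four findings; after harden the script-src finding and the missing default-src are gone, and the two that remain (inline styles, wildcard image host) are the next iteration's work.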
