CSP Generator

Create a CSP for your website automatically.

Our tool will scan the first 5 pages of your website and generate an example CSP based on detected third party inclusions.

Built with Quant Edge Functions.

 

CSP Generator


Analysis for: https://www.quantcdn.io/

Analyzed Pages:

  • https://www.quantcdn.io/
  • https://www.quantcdn.io/features
  • https://www.quantcdn.io/home#
  • https://www.quantcdn.io/integrations/drupal
  • https://www.quantcdn.io/integrations/wordpress
  • https://www.quantcdn.io/integrations/static-generators

Suggested Content Security Policy:

default-src 'self'; script-src 'self' https://cdn.jsdelivr.net https://www.quantcdn.io; style-src 'self' https://www.quantcdn.io; img-src 'self' null https://www.quantcdn.io; font-src 'self'; frame-src 'self' https://www.youtube.com; connect-src 'self' https://www.quantcdn.io

Explanation of CSP Directives:

default-src
The fallback directive for all other fetch directives.
script-src
Specifies valid sources for JavaScript.
style-src
Specifies valid sources for stylesheets.
img-src
Specifies valid sources for images.
font-src
Specifies valid sources for fonts loaded using @font-face.
frame-src
Specifies valid sources for nested browsing contexts loading using elements such as <frame> and <iframe>.
connect-src
Restricts the URLs which can be loaded using script interfaces (e.g., XHR, WebSocket, EventSource).

Each directive specifies a list of allowed sources:

  • 'self': Allows loading resources from the same origin (same scheme, host, and port).
  • domain.com: Allows loading resources from the specified domain.
  • *.domain.com: Allows loading resources from any subdomain of domain.com.

This CSP is a starting point and may need further refinement based on your specific needs and security requirements.

Use the 'url' parameter to generate a CSP for a different website.

What is a CSP?

A Content Security Policy (CSP) defines rules for how clients may interact with your site from a security perspective.

A Content Security Policy (CSP) is a security feature implemented by web browsers to prevent various types of attacks, particularly cross-site scripting (XSS) and data injection attacks. It works by specifying which content sources are considered trusted by the web application, controlling what resources (such as scripts, stylesheets, images, and more) can be loaded and executed. CSP is implemented through an HTTP header or meta tag, providing an additional layer of security beyond same-origin policies.

Why is using a CSP important?

  • Mitigate XSS Attacks: CSP can prevent malicious scripts from executing, even if an attacker manages to inject them into your page.
  • Prevent Clickjacking: By controlling which domains can embed your site, CSP helps protect against clickjacking attacks.
  • Data Theft Protection: CSP can restrict where data can be sent, helping to prevent unauthorized data exfiltration.
  • Reduce Attack Surface: By explicitly whitelisting trusted sources, CSP limits the potential entry points for attacks.
  • Enforce HTTPS: CSP can be used to ensure that all content is loaded over secure connections, enhancing overall site security.
  • Control Resource Loading: It allows fine-grained control over which external resources (like scripts, styles, fonts) can be loaded, reducing the risk of malicious third-party content.
  • Detect and Report Violations: CSP can be configured to report violations, helping developers identify and fix potential security issues quickly.

What is Quant?

QuantCDN is an all-in-one CDN and Jamstack solution.

Our content delivery network spans over 90 points of presence globally to provide minimal latency to your customers around the world. Our rich feature-set includes CDN, WAF, image optimization, tiered caching, static snapshots, failover, serverless functions, and much more.

This IP address lookup tool is provided free of charge and built using our Edge Functions, which allow for dynamic Javascript to execute directly at edge.

Icons representing Quant CDN Services