OneForAll是一款功能强大的子域收集工具

Manages application of security headers with many safe defaults

Lightweight modern Python library to add security headers (CSP, HSTS, etc.) to Django, Flask, FastAPI, and more. Secure defaults or fully customizable.

Build Content-Security-Policy headers from a JSON file (or build them programmatically)

PHP Secure Headers

Collection of scripts, thoughts about CSP (Content Security Policy)

A PHP library aiming to make the use of browser security features more accessible.

Discover new target domains using Content Security Policy

Check any website (or set of websites) for insecure security headers.

A Burp Plugin for Detecting Weaknesses in Content Security Policies

Help secure .net core apps with various HTTP headers (such as CSP's)

A CSP collector written in Golang

Strict CSP (Content-Security-Policy) for Next.js hybrid apps https://web.dev/strict-csp/

☔️A curated list of tools, articles & resources to help take your frontend security to the next level. Feel free to contribute!

Module for Nuxt.js to configure security headers and more

Astro integration to enhance your website's security with SubResource Integrity hashes, Content-Security-Policy headers, and other techniques.

Content-Security-Policy report aggregator/analyzer

A browser extension to disable http header Content-Security-Policy and html meta Content-Security-Policy

A chrome extension that helps you disable or bypass Content Security Policy(CSP),which is based on Manifest V3.

This tool allows to automatically test for Content Security Policy bypass payloads.