security-review-owasp-content-security-policy

Community

Harden CSP against XSS and clickjacking

Authorsjinks
Version1.0.0
Installs0

System Documentation

What problem does it solve?

This Skill helps reviewers detect weak Content Security Policy deployments that still allow script injection, unsafe inline execution, framing abuse, or misleading report-only protection.

Core Features & Use Cases

  • Policy Delivery Review: Checks whether CSP is enforced through the right response headers across pages, routes, and error states.
  • Script and Framing Controls: Evaluates nonce or hash discipline, unsafe directives, object and base restrictions, and frame-ancestors coverage.
  • Reporting and Exceptions: Looks for weak reporting setup, noisy wildcards, and over-broad exceptions that reduce CSP value.
  • Use Case: Review a login or payment flow to confirm its CSP actually limits exploitability instead of merely documenting intent.

Quick Start

Use the security-review-owasp-content-security-policy skill to inspect the relevant headers, HTML, and route behavior for CSP delivery, nonce handling, framing rules, and reporting gaps.

Dependency Matrix

Required Modules

None required

Components

references

💻 Claude Code Installation

Recommended: Let Claude install automatically. Simply copy and paste the text below to Claude Code.

Please help me install this Skill:
Name: security-review-owasp-content-security-policy
Download link: https://github.com/sjinks/ai-owasp-skillset/archive/main.zip#security-review-owasp-content-security-policy

Please download this .zip file, extract it, and install it in the .claude/skills/ directory.
View Source Repository

Agent Skills Search Helper

Install a tiny helper to your Agent, search and equip skill from 536,000+ vetted skills library on demand.