security-review-owasp-content-security-policy
CommunityHarden CSP against XSS and clickjacking
Authorsjinks
Version1.0.0
Installs0
System Documentation
What problem does it solve?
This Skill helps reviewers detect weak Content Security Policy deployments that still allow script injection, unsafe inline execution, framing abuse, or misleading report-only protection.
Core Features & Use Cases
- Policy Delivery Review: Checks whether CSP is enforced through the right response headers across pages, routes, and error states.
- Script and Framing Controls: Evaluates nonce or hash discipline, unsafe directives, object and base restrictions, and frame-ancestors coverage.
- Reporting and Exceptions: Looks for weak reporting setup, noisy wildcards, and over-broad exceptions that reduce CSP value.
- Use Case: Review a login or payment flow to confirm its CSP actually limits exploitability instead of merely documenting intent.
Quick Start
Use the security-review-owasp-content-security-policy skill to inspect the relevant headers, HTML, and route behavior for CSP delivery, nonce handling, framing rules, and reporting gaps.
Dependency Matrix
Required Modules
None requiredComponents
references
💻 Claude Code Installation
Recommended: Let Claude install automatically. Simply copy and paste the text below to Claude Code.
Please help me install this Skill: Name: security-review-owasp-content-security-policy Download link: https://github.com/sjinks/ai-owasp-skillset/archive/main.zip#security-review-owasp-content-security-policy Please download this .zip file, extract it, and install it in the .claude/skills/ directory.
Agent Skills Search Helper
Install a tiny helper to your Agent, search and equip skill from 536,000+ vetted skills library on demand.