the problem
creating effective content security policies (csp) is hard. manually analyzing resource loads and responses is time-consuming and error-prone, especially for complex sites with multiple third-party resources.
the solution
the csp-policy-heuristics api automates this process. it analyzes your website's responses and resource loads, then suggests a tailored csp that blocks insecure or unnecessary sources. for example:
curl -X GET "https://csp-policy-heuristics.apimesh.xyz/check?url=https://example.com"
// sample output
{
  "policy": "default-src 'self'; img-src 'self' data:; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'",
  "issues": ["blocked insecure image resource from http://badsource.com"]
}
how it works
it scrapes your website's responses and resource loads, combining multi-source data to identify insecure or unnecessary resource usage. it then recommends a strong, context-aware csp based on this data to help you improve your security posture.
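a suggested policy is worth checking before it is deployed: the sample output above keeps 'unsafe-inline' in script-src and style-src and sets no base-uri, form-action or frame-ancestors. the following is an added example, not code from the api or its author, that parses a policy string and lists such findings. the response shape is assumed from the sample output, and the names parse_csp, audit, RISKY, NONCE_OR_HASH and NO_FALLBACK are hypothetical.

```python
import json

# Constructed input: the sample output shown in the post.
SAMPLE_RESPONSE = """{
  "policy": "default-src 'self'; img-src 'self' data:; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'",
  "issues": ["blocked insecure image resource from http://badsource.com"]
}"""

# Source expressions that weaken a script or style directive.
RISKY = {
    "'unsafe-inline'": "inline code is allowed, so injected markup can run",
    "'unsafe-eval'": "string-to-code APIs such as eval() are allowed",
    "*": "any host is allowed",
    "https:": "any HTTPS origin is allowed",
    "data:": "data: URLs are allowed",
}
NONCE_OR_HASH = ("'nonce-", "'sha256-", "'sha384-", "'sha512-")
NO_FALLBACK = ("base-uri", "form-action", "frame-ancestors")  # not inherited


def parse_csp(policy):
    """Split a policy into {directive: [sources]}; the first duplicate wins."""
    directives = {}
    for part in policy.split(";"):
        tokens = part.split()
        if tokens:
            directives.setdefault(tokens[0].lower(), tokens[1:])
    return directives


def audit(policy):
    """Return (directive, source, reason) findings for a policy string."""
    d, findings = parse_csp(policy), []
    for name in ("script-src", "style-src"):
        effective = name if name in d else "default-src"
        sources = [s.lower() for s in d.get(effective, [])]
        # Browsers ignore 'unsafe-inline' when a nonce or hash is present.
        strict = any(s.startswith(NONCE_OR_HASH) for s in sources)
        for s in sources:
            finding = (effective, s, RISKY.get(s))
            ignored = strict and s == "'unsafe-inline'"
            if s in RISKY and not ignored and finding not in findings:
                findings.append(finding)
    missing = [n for n in NO_FALLBACK if n not in d]
    return findings + [(n, None, "not set; default-src does not cover it") for n in missing]


if __name__ == "__main__":
    for directive, source, reason in audit(json.loads(SAMPLE_RESPONSE)["policy"]):
        print(f"{directive}: {source or '(missing)'} -> {reason}")
```

a policy that passes this check can still be too broad for a given site, so serving it first as Content-Security-Policy-Report-Only and reviewing the violation reports remains the safer rollout.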
try it out
want to see it in action? visit the preview or start making calls for just $0.005 per request. get real, actionable suggestions to improve your website's security now.