OneForAll是一款功能强大的子域收集工具

Manages application of security headers with many safe defaults

Modern Python library for HTTP security headers with safe defaults, configurable presets, and first-class ASGI/WSGI middleware (FastAPI, Django, Flask, Shiny, and more).

PHP Secure Headers

Build Content-Security-Policy headers from a JSON file (or build them programmatically)

Discover new target domains using Content Security Policy

Collection of scripts, thoughts about CSP (Content Security Policy)

A PHP library aiming to make the use of browser security features more accessible.

Check any website (or set of websites) for insecure security headers.

A Burp Plugin for Detecting Weaknesses in Content Security Policies

Help secure .net core apps with various HTTP headers (such as CSP's)

A CSP collector written in Golang

A browser extension to disable http header Content-Security-Policy and html meta Content-Security-Policy

Strict CSP (Content-Security-Policy) for Next.js hybrid apps https://web.dev/strict-csp/

Astro integration to enhance your website's security with SubResource Integrity hashes, Content-Security-Policy headers, and other techniques.

☔️A curated list of tools, articles & resources to help take your frontend security to the next level. Feel free to contribute!

Module for Nuxt.js to configure security headers and more

Websites monitoring via GitHub Actions/API (expiration, security, performances, privacy, SEO)

Content-Security-Policy report aggregator/analyzer

A secure-by-default static site generator built in Rust. WCAG 2.1 AA validation, CSP/SRI hardening, local LLM content pipeline, WebAssembly target, interactive islands, streaming compilation for 100K+ pages, 28-locale i18n, and one-command deployment.