Content Security Policy Library Project

I am happy to unveil a new GitHub project today, CSP Library or Content Security Policy Library. The project aims to collect and maintain the list of websites and services, with the rules required for various CSP directives.

Content Security Policy is an increasingly relevant and popular security header supported by all major browsers (to different degrees). However, it can be quite difficult to configure, because every required directive and rule has to be included. If you use Google Fonts or Maps on your website, or you have Twitter or Facebook widgets and other elements from outside sources, and you want to protect your website with Content Security Policy, you need to include all the relevant rules for the various CSP directives so that these services keep working inside your website.

To learn more about Content Security Policy, check out the resources on the Mozilla Developer Network. It is important to know that specifications for CSP are always changing and evolving and that different browsers support different aspects of the policy.

Content Security Policy Library Project

Let’s go back to the new GitHub project. As far as I know, there is no central resource available where the rules for popular websites and services are listed, and getting a valid list of rules can be very tiresome, especially for complex services like Google AdSense or Google Maps. Don’t get me wrong, you can manually figure out what is needed through testing for most services, but that is not something most website owners are willing to do or will know how to do. For some services, that may not be enough (the Google Local Pixels domains list is very long, and you can’t easily find the full list through testing alone, because each domain on this list depends on your location).

Check out the GitHub project Content Security Policy Library. If you want to contribute, you can open a new issue or create a pull request to submit changes to the existing rules (if you have noticed that some website-specific rules have changed) or submit new website or service rules.

The CSP Library project currently lists 60+ websites and services using simple JSON format files where you have the name of the website or service, an optional description, and a list of rules for every directive needed. If you need these rules to configure CSP on your website, feel free to use them, and again, I would appreciate contributions to the maintenance and expansion of this library.
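As an added illustration (not code from the CSP Library project or the Dev4Press plugin), the following sketch merges per-service rule entries of the kind described above into a site's base policy and emits the header value. The JSON key names, the sample entries and the `build_csp` helper are assumptions made for this example; it rejects sources that would widen the policy or break out of the header, and handles the case where adding a directive stops it from inheriting `default-src`.

```python
import json

# Constructed sample entries. The keys "name", "description" and "rules" are
# assumed from the post's description, not copied from the CSP Library files.
SAMPLE_ENTRIES = json.loads("""[
  {"name": "Google Fonts",
   "rules": {"style-src": ["https://fonts.googleapis.com"],
             "font-src": ["https://fonts.gstatic.com"]}},
  {"name": "Example Widget", "description": "hypothetical embed",
   "rules": {"script-src": ["https://widget.example.com"],
             "frame-src": ["https://widget.example.com"],
             "style-src": ["https://fonts.googleapis.com"]}}
]""")

# Fetch directives; each ultimately falls back to default-src when absent.
DIRECTIVES = {"script-src", "style-src", "img-src", "font-src", "connect-src",
              "frame-src", "media-src", "object-src", "worker-src",
              "manifest-src", "child-src"}
RISKY = {"*", "'unsafe-inline'", "'unsafe-eval'", "data:", "http:", "https:"}

def check_source(name, source):
    """Reject values that would break out of the header or widen the policy."""
    if not source or any(c in ";," or c.isspace() for c in source):
        raise ValueError(f"{name}: malformed source {source!r}")
    if source in RISKY:
        raise ValueError(f"{name}: overly broad source {source!r}")

def build_csp(base_policy, entries):
    """Merge library entries into a base policy and return the header value."""
    policy = {d: list(s) for d, s in base_policy.items()}
    for entry in entries:
        name = entry.get("name", "?")
        for directive, sources in entry.get("rules", {}).items():
            if directive not in DIRECTIVES:
                raise ValueError(f"{name}: unsupported directive {directive!r}")
            # A new directive stops inheriting default-src, so seed it with
            # those sources or the site's own assets would be blocked.
            merged = policy.setdefault(directive, list(policy.get("default-src", [])))
            for source in sources:
                check_source(name, source)
                if source not in merged:
                    merged.append(source)
    for sources in policy.values():
        # 'none' is only meaningful alone; drop it once hosts were added.
        if len(sources) > 1 and "'none'" in sources:
            sources.remove("'none'")
    return "; ".join(f"{d} {' '.join(s)}" for d, s in policy.items())

BASE = {"default-src": ["'self'"], "script-src": ["'self'"], "frame-src": ["'none'"]}
HEADER = build_csp(BASE, SAMPLE_ENTRIES)
```

Sending the result as `Content-Security-Policy-Report-Only` first lets you confirm that a merged rule set covers a service before enforcing it.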

The upcoming Dev4Press security plugin (the one aiming to replace two of our old security plugins) is going to use this library to improve the CSP implementation, so stay tuned for that, coming out most likely in early September 2023.

Let me know if you want to see more services in the library, use GitHub issues and pull requests to contribute, and let me know how this project can be improved in the future.

About the author

Milan Petrovic

CEO and lead developer of the Dev4Press web development company, working with WordPress since 2008, first as a freelancer, later founding his own development company. Author of more than 250 plugins and more than 20 themes.
