CSP Bot

What it does

Builds a working Content-Security-Policy header for a WordPress site. Two modes:

  • Scan URL (default): drop in a URL. The bot fetches the page, lists every external resource the browser loads, and writes a conservative CSP from what it actually sees.
  • Analyze violation reports: paste raw CSP violation emails or Reporting API JSON. The bot hardens your existing policy based on real violations.

Output includes a Report-Only header to pilot with, plus copy-paste snippets for NGINX, Apache, Cloudflare Workers, and functions.php.

URL of the site to scan. The bot extracts every external resource the page loads and writes a CSP from those domains.
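
The Scan URL flow described above, as an added example (not CSP Bot's own code): it parses a constructed sample page instead of fetching one, maps each external resource to the directive that governs it, and emits a Report-Only policy. The example domains, the /csp-report endpoint and all function names are assumptions.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# CSP directive that governs the src attribute of each tag in static HTML.
SRC_TAGS = {"script": "script-src", "img": "img-src", "iframe": "frame-src",
            "video": "media-src", "audio": "media-src"}

def origin(url):
    """scheme://host for http(s) URLs; None for data:, blob:, javascript: etc."""
    p = urlsplit(url)
    return f"{p.scheme}://{p.netloc.lower()}" if p.scheme in ("http", "https") else None

class ResourceCollector(HTMLParser):
    """Collects third-party origins per directive. Static HTML only: fonts
    pulled in by CSS and requests made by scripts are not visible here."""
    def __init__(self, page_url):
        super().__init__()
        self.page_url, self.found = page_url, {}

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "link" and "stylesheet" in (attrs.get("rel") or "").lower().split():
            self.record("style-src", attrs.get("href"))
        if tag in SRC_TAGS:
            self.record(SRC_TAGS[tag], attrs.get("src"))

    def record(self, directive, url):
        # urljoin resolves relative and protocol-relative (//host/path) URLs.
        o = origin(urljoin(self.page_url, url)) if url else None
        if o and o != origin(self.page_url):  # same-origin is covered by 'self'
            self.found.setdefault(directive, set()).add(o)

def build_report_only(page_url, html, report_uri="/csp-report"):
    """Returns (header name, policy). report_uri is a hypothetical endpoint."""
    c = ResourceCollector(page_url)
    c.feed(html)
    parts = ["default-src 'self'"]
    parts += [f"{d} 'self' {' '.join(sorted(c.found[d]))}" for d in sorted(c.found)]
    parts += ["object-src 'none'", "base-uri 'self'", f"report-uri {report_uri}"]
    return "Content-Security-Policy-Report-Only", "; ".join(parts)

# Constructed sample page (not fetched from any real site).
SAMPLE_HTML = """<head>
<link rel="stylesheet" href="https://static.example.net/fonts.css">
<link rel="stylesheet" href="/wp-content/themes/demo/style.css">
<script src="//cdn.example.net/lib.js"></script></head>
<body><img src="https://img.example.org/avatar/0.png">
<img src="data:image/png;base64,AAAA">
<iframe src="https://video.example.com/embed/1"></iframe></body>"""

print(": ".join(build_report_only("https://blog.example.com/", SAMPLE_HTML)))
```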