Claude Code – Content Security Policy

Photo by Owen Beard on Unsplash

We have been using Mozilla Observatory to nudge us into tightening up our web server configurations. A few headers in Apache, nginx or IIS will bring a site up to level B, but the sticking point is CSP, the Content Security Policy. CSP controls which origins scripts may be loaded from and mitigates XSS (cross-site scripting), clickjacking and content injection attacks.

So at a basic level, if you don't declare the origin of every script you use, CSP will stop those scripts from working: media, analytics, centralised login. Well. This is upsetting for some!

Fortunately you can put a CSP header in place which only reports violations rather than blocking anything. I was expecting the reports to land in the normal web server logs, but that isn't how it works: the browser reports a violation by POSTing a JSON document to a URL you specify.
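To make the reporting mechanism concrete, here is a small collector written for this post. It is an added example, not the tool Claude built or any code from the original post. It assumes the report-only header is `Content-Security-Policy-Report-Only` with a `report-uri /csp-report` directive (the standard header and directive names), so the browser POSTs a JSON body whose top-level `csp-report` object carries fields such as `document-uri`, `blocked-uri` and `effective-directive`; the path `/csp-report`, the port and the sample report are constructed for the example.

```python
"""Minimal CSP violation report collector.

Added example, not the tool described in the post. Assumes a header such as
  Content-Security-Policy-Report-Only: default-src 'self'; report-uri /csp-report
so that browsers POST a JSON body with a top-level "csp-report" object.
"""
import json
from http.server import BaseHTTPRequestHandler, HTTPServer

# In-memory list of parsed violations (a real deployment would persist these).
VIOLATIONS = []


def parse_csp_report(body):
    """Parse a report-uri POST body (bytes or str) into a flat dict.

    Returns None when the body is not JSON or has no "csp-report" object,
    which is how the handler rejects junk sent to the endpoint.
    """
    try:
        data = json.loads(body)
    except (ValueError, TypeError):
        return None
    report = data.get("csp-report") if isinstance(data, dict) else None
    if not isinstance(report, dict):
        return None
    return {
        "document": report.get("document-uri", ""),
        # Newer browsers send effective-directive; older ones only violated-directive.
        "directive": report.get("effective-directive") or report.get("violated-directive", ""),
        "blocked": report.get("blocked-uri", ""),
        "policy": report.get("original-policy", ""),
    }


def summarise(violations):
    """Count violations by (directive, blocked URI) so repeated noise collapses to one line."""
    counts = {}
    for v in violations:
        key = (v["directive"], v["blocked"])
        counts[key] = counts.get(key, 0) + 1
    return counts


class ReportHandler(BaseHTTPRequestHandler):
    """Accepts browser POSTs, records each parsed violation and prints it as it arrives."""

    def do_POST(self):
        length = int(self.headers.get("Content-Length", 0))
        parsed = parse_csp_report(self.rfile.read(length))
        if parsed is None:
            self.send_response(400)
            self.end_headers()
            return
        VIOLATIONS.append(parsed)
        print(f"{parsed['directive']:<20} blocked {parsed['blocked']} on {parsed['document']}")
        self.send_response(204)  # browsers ignore the body; 204 is the conventional reply
        self.end_headers()


# Constructed sample report in the shape browsers send to report-uri endpoints.
SAMPLE_REPORT = json.dumps({"csp-report": {
    "document-uri": "https://example.org/login",
    "violated-directive": "script-src",
    "effective-directive": "script-src",
    "blocked-uri": "https://analytics.example.net/tag.js",
    "original-policy": "default-src 'self'; report-uri /csp-report",
}})


if __name__ == "__main__":
    # Example only: listen locally and print violations as they come in.
    HTTPServer(("127.0.0.1", 8080), ReportHandler).serve_forever()
```

Point the `report-uri` at this endpoint (behind TLS in anything but a local test), load the site, and every script, image or frame the policy would have blocked is listed as a single line; `summarise` collapses the repeats so you can see which origins still need adding to the policy before switching from the report-only header to the enforcing one.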

CLAUDE!

[Screenshot: Main Page]

So Claude looked up the information about this at Mozilla Observatory and, on its own initiative, designed this tool.

So it lists the potential violations as they come in.

It's early days, but a fine example of Claude's prowess. There are other open source tools you can find to do this, and Sentry can handle it also.