Csp-toolkit – Python library to parse, analyze, and find bypasses in CSP headers (chs.us)

The post introduces csp-toolkit, a Python library and CLI for parsing Content Security Policy (CSP) headers, running weakness checks, scoring policies, and finding bypass vectors using a curated database. The author also reports results from scanning major sites, highlighting that several rely on report-only CSPs that log violations but do not enforce protection. It further describes workflows for recon at scale, diffing and monitoring CSP changes, and generating patched CSP drafts based on collected violation reports.
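As an added example (not csp-toolkit's own code), here is a minimal parser plus a few defender-side weakness checks of the kind the post describes, including the report-only distinction; the header values are constructed for illustration.

```python
# Added example, not part of csp-toolkit: parse a CSP header value into
# directives and flag common weaknesses. The report-only header only logs
# violations to the report endpoint; it never blocks anything.

def parse_csp(header_value):
    """Return {directive: [source, ...]} from a CSP header value."""
    policy = {}
    for part in header_value.split(";"):
        tokens = part.strip().split()
        if not tokens:
            continue
        name, sources = tokens[0].lower(), tokens[1:]
        policy.setdefault(name, []).extend(sources)
    return policy

def check_csp(header_name, header_value):
    """Return a list of findings for a (header name, header value) pair."""
    findings = []
    if header_name.lower() == "content-security-policy-report-only":
        findings.append("report-only: violations are logged, nothing is blocked")
    policy = parse_csp(header_value)
    # script-src falls back to default-src when absent
    script_src = policy.get("script-src", policy.get("default-src"))
    if script_src is None:
        findings.append("no script-src or default-src: scripts unrestricted")
    else:
        lowered = [s.lower() for s in script_src]
        hashed = any(s.startswith(("'nonce-", "'sha256-", "'sha384-", "'sha512-"))
                     for s in lowered)
        # a nonce or hash makes CSP3 browsers ignore 'unsafe-inline'
        if "'unsafe-inline'" in lowered and not hashed:
            findings.append("script-src allows 'unsafe-inline' without nonce/hash")
        if any(s in ("*", "https:", "http:") for s in lowered):
            findings.append("script-src allows wildcard or bare scheme sources")
        if "'unsafe-eval'" in lowered:
            findings.append("script-src allows 'unsafe-eval'")
    if "object-src" not in policy and "default-src" not in policy:
        findings.append("no object-src or default-src: plugin content unrestricted")
    if "base-uri" not in policy:
        findings.append("no base-uri: relative script URLs can be rebased")
    return findings

# Constructed sample headers
ENFORCED = "default-src 'self'; script-src 'self' 'nonce-abc123'; object-src 'none'; base-uri 'self'"
REPORT_ONLY = "default-src *; script-src * 'unsafe-inline'"

if __name__ == "__main__":
    print(check_csp("Content-Security-Policy", ENFORCED))
    print(check_csp("Content-Security-Policy-Report-Only", REPORT_ONLY))
```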

April 04, 2026 20:08 Source: Hacker News