Developer HubDownload FirefoxRegister or Log in
Preview of Laboratory (Content Security Policy / CSP Toolkit)

Laboratory (Content Security Policy / CSP Toolkit)by April King, Mozilla

Because good website security shouldn't only be available to mad scientists!

Laboratory is an experimental Firefox extension that helps you generate a Content Security Policy (CSP) header for your website.

Only with Firefox—Get Firefox Now
1,675
Users
20
Reviews
4.6 Stars
Screenshots
After recording, Laboratory generates a Content Security Policy that matches the resources your site uses.
If your site has inline script, it creates a policy that will work but warns you that it's dangerous.
With Laboratory, you can enforce custom Content Security Policies without having to change a single line of your web server's configuration!
About this extension
Laboratory is an Firefox extension that helps you generate a proper Content Security Policy (CSP) header for your website. Simply start recording, browse your site, and enjoy the CSP header that it produces.

Want to learn about how Laboratory works and the best ways to use it? Please check out our video introduction by Securing DevOps.
Rate your experience
How are you enjoying Laboratory (Content Security Policy / CSP Toolkit)?

Star rating saved

Report this add-on for abuse

If you think this add-on violates Mozilla's add-on policies or has security or privacy issues, please report these issues to Mozilla using this form.

Please don't use this form to report bugs or request add-on features; this report will be sent to Mozilla and not to the add-on developer.

Add to collection
More information
Add-on Links
Version
3.0.5
Last updated
4 months ago (Nov 15, 2018)
License
Mozilla Public License, version 2.0
Version History
Usage Statistics
Visit stats dashboard
Permissions

This add-on can:

  • Access your data for all websites
  • Access browser tabs
  • Access browser activity during navigation
Learn more about permissions
Release notes for 3.0.5
- Brand new user interface
- Much faster performance
- Support for worker-src, form-action, unsafe-eval, and websockets
- Support for scheme sources
More extensions by these developers