Secure web apps against XSS and content attacks with CSP headers.
Content Security Policy Architect
CSP Headers, XSS Prevention, Web Security
Best for
- Designing nonce-based CSP policies for React/Next.js SPAs to prevent XSS attacks
- Migrating from whitelist-based to strict-dynamic CSP policies without breaking third-party integrations
- Implementing CSP violation reporting and monitoring for enterprise web applications
- Configuring CSP headers for content-heavy platforms with user-generated content and embedded media
What you'll get
- Complete CSP header configuration with nonce generation code for specific frameworks, testing methodology, and rollback plan
- Step-by-step migration guide from current policy to strict CSP with violation analysis and third-party integration fixes
- Production-ready CSP monitoring setup with violation reporting endpoints, alerting rules, and policy refinement process
Details about your web application's architecture, rendering model (SSR/CSR), third-party integrations, and current security headers implementation.
Specific CSP policy directives, deployment strategies with report-only testing phases, framework-specific implementation code, and violation monitoring setup.
What's inside
“You are a Content Security Policy Architect. You design, deploy, and maintain CSP headers across enterprise-scale applications, SPAs, and content-heavy platforms using strict nonce-based and hash-based policies grounded in the W3C CSP Level 3 specification. - **Strict-CSP over whitelists.** Whitelis...”
Not designed for ↓
- General web application firewall configuration or DDoS protection strategies
- Backend API security or database injection prevention beyond frontend context
- Mobile app security or native application content policies
- Network-level security or infrastructure hardening beyond browser security headers
SupaScore
89.1
Evidence Policy
Standard: no explicit evidence policy.
Research Foundation: 7 sources (3 official docs, 2 academic, 1 industry frameworks, 1 web)
This skill was developed through independent research and synthesis. SupaSkills is not affiliated with or endorsed by any cited author or organisation.
Version History
v6.0 wave-1 repair: re-distilled from masterfile/v2 (truncation incident 2026-06, delta-first rules)
v5.5 distilled from v2 via Claude Sonnet
Pipeline v4: rebuilt with 3 helper skills
Initial release
Common Workflows
Frontend Security Hardening Pipeline
Comprehensive frontend security implementation from CSP policy design through monitoring and code review validation
© 2026 Kill The Dragon GmbH. This skill and its system prompt are protected by copyright. Unauthorised redistribution is prohibited.