As of September 5, 2008 the Content Security Policy add-on only implements the allow, img-src, script-src, object-src, and frame-src portions of this proposal. I will continue to implement additional features as time permits, though it is possible that the add-on will never be a complete implementation. It may be more effective to simply focus on a permanent long-term implementation.

Content Security Policy Add-On

For now, you can download the Content Security Policy Add-on from this website:

Content Security Policy add-oncontent-security-policy.xpi

Once you have the extension installed and you have restarted Firefox, you can proceed to the demo page to see it in action. Note: you can activate and de-activate the add-on by clicking the "CSP" icon in the lower-right corner of the browser window.

Eventually, the add-on will be available to download on addons.mozilla.org. It first needs to receive a sufficient number of reviews and subsequent approval from the AMO editors to be let out of the the sandbox.


Overview | Details | Download | Demo | Origin Header | Discussion