Awesome. Works great and saves me tons of time. Thanks a lot!
One question: Using Firefox dev tools or addons like LastPass during recording always triggers unsafe-inline for script-src. Is there any chance the addon could detect this and separate it from the requirements of the recorded website?

Great idea! I don't have a web server otherwise I'd be clicking on 'Add' right now. Keep the great security and privacy innovations coming Mozilla! A++
-A very happy Firefox user

Good stuff.

haha

I think finding this add on will save me loads of time, because it pretty much did AFAIK all of my job the first time I tried it on a test website... and al tho writing solid and extensive CSP headers IS hugely important for businesses and public offices etc., it's also hugely boring and soooo much work. Especially since designers and frontend JS jockies most of the time not even care where their 'loaned' leet scripts. fonts and gfx comes from, or that an obscure (never heard of) CDN might not be the most trustworthy party they think it is :-) This is going to save me time by giving me at least a great head start every single time.. the fine tuning is always different anyway :-) No more 1000x restarting of webservices, because you found another one ;-)

come now. this has got to be the quietest review section for an add-on I've seen.

tell us what sorts of dirty deeds you've been doing with this?

er... ~cough~, ~cough~ I mean... what sorts of dirty deeds are you trying to write a content policy for your service to defend against?

Working a treat, will write a back end for CSP reports soon.