"Content Security Policy (CSP) Generator", the extension, temporarily includes the "Content Security Policy" HTTP header on web pages that the user requests.

The temporarily included Content Security Policy header uses csper.io as the report-uri to collect and aggregate the content security policy reports, which allows the building of new content security policies. This is necessary for the functionality of the extension. These reports do not contain information that is personally identifiable. Anyone is able to generate content security policy reports for any website. More information on CSP can be found in the spec. https://www.w3.org/TR/CSP3/

The extension uses csper.io's API to retrieve and aggregate the content security policy reports. Authentication to csper's server is done with an anonymous token, so no information about the user is known.

When the optional feature "Email me the results" is used, the supplied user's email address is transmitted over HTTPS to csper.io's server, and a summary email is sent to the supplied email from Csper's email.

The extension does not use any analytics/tracking scripts.

Any questions can be sent to privacy@csper.io.

Last updated April 15, 2020