displayName: CSP Header Audit
workflowKind: security
triggerType: scheduled
typicalCadence: quarterly
complexity: cross-team
description: Audits Content Security Policy headers across all web properties — scanning for unsafe-inline and unsafe-eval directives, validating nonce/hash integrity, analyzing CSP violation reports for false positives and real threats, testing report-only policies before enforcement, and verifying third-party script allowlists against the current vendor inventory. Excludes general web application penetration testing.