This plugin helps site administrators implement a strict Content Security Policy (CSP) to prevent cross-site scripting and other injection attacks. It is designed for users who need to secure their site but face challenges with inline scripts and dynamic content that typically force the use of unsafe-inline allowances.

• Automatic script detection and storage: During a setup phase, the plugin scans your site's pages to catalog all scripts, styles, and embedded content, storing them for review.
• Script authorization management: Provides an admin interface to whitelist the detected content, allowing you to approve legitimate scripts for your policy.
• Inline script clustering: Uses analysis to group similar inline scripts generated by server-side code, enabling bulk authorization instead of manual hash calculation for each variant.
• Support for nonces and hashes: Allows you to authorize inline scripts using either cryptographic nonces or hashes, giving flexibility in how you secure dynamic content.
• Refactoring assistance: Can help identify and suggest changes for HTML event attributes and inline styles, promoting safer coding patterns to avoid unsafe-hashes.