Content Security Policy as malware detector

2014-03-13 00:00:00 +0000

Content Security Policy not only protects websites that use it, but also to some extent helps in detecting malware and adware programs installed on client computers. A while ago I have built website that collect CSP report sent from websites that use it. The main purpose was to automate debugging and fine-tuning of CSP on production websites, but soon it became apparent that the reports are getting clogged with rejected content that never appeared on the original website.

The explanation for that is that end user browsers are frequently equipped with a wide range of 3rd software that perform various HTTP requests to 3rd sites when their users browse legitimate websites — and these 3rd requests are reported by CSP.