We developed an add-on called "userCSP" that hooks into Firefox's CSP implementation to allow a user to specify a policy for a web page. Beyond letting the user set a policy for a website, it can also compute the strictest or the loosest combination of the policy specified by the add-on user and the policy specified by the website.
The add-on provides a GUI tool that lists the twelve Firefox CSP directives, each in a separate tab (e.g. default-src, img-src, script-src, frame-src, report-uri). The user uses this tool to specify CSP policies for websites. When the browser receives the response for a web page, the add-on checks whether the user has specified a CSP policy for it. If so, it applies the user's policy the same way Firefox would apply a policy set by the website.
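The following is an added example, not code from the userCSP add-on, of the policy combination the two paragraphs above describe: a user policy and a site policy are parsed into per-directive source sets, and the "strictest" policy is the intersection of those sets while the "loosest" is their union, with the CSP `default-src` fallback applied before combining. It assumes exact token matching of sources (no host wildcards or scheme matching), treats `'none'` as the empty set, and writes a directive that neither policy restricts as `*` when a restricted `default-src` would otherwise apply to it; the policy strings in the test are constructed for illustration.

```javascript
// Added example (not the userCSP add-on's own code): merge a user-supplied CSP
// with a site's CSP into the strictest or loosest combined policy.
// Assumptions: sources are compared as exact tokens, 'none' is the empty set,
// and a directive that neither policy restricts is serialized as '*' only when
// a restricted default-src would otherwise fall through to it.

const FETCH_DIRECTIVES = [
  'default-src', 'script-src', 'style-src', 'img-src', 'font-src',
  'connect-src', 'media-src', 'object-src', 'frame-src',
];

// Parse "directive src1 src2; directive2 src3" into Map<directive, Set<source>>.
function parseCsp(header) {
  const policy = new Map();
  for (const part of header.split(';')) {
    const tokens = part.trim().split(/\s+/).filter(Boolean);
    if (tokens.length === 0) continue;
    const [rawName, ...sources] = tokens;
    const name = rawName.toLowerCase();
    if (policy.has(name)) continue; // first occurrence of a directive wins
    policy.set(name, new Set(sources.map((s) => s.toLowerCase())));
  }
  return policy;
}

// Effective source set for a fetch directive after default-src fallback.
// Returns null when the policy leaves the directive unrestricted.
function effectiveSources(policy, directive) {
  if (policy.has(directive)) return policy.get(directive);
  if (directive !== 'default-src' && policy.has('default-src')) {
    return policy.get('default-src');
  }
  return null;
}

// 'none' allows nothing, so it becomes the empty set.
function normalize(set) {
  if (set === null) return null;
  return set.has("'none'") ? new Set() : set;
}

// Combine two policies; mode is 'strictest' (intersection) or 'loosest' (union).
// The result maps each fetch directive to a Set, or to null if unrestricted.
function mergeCsp(userHeader, siteHeader, mode) {
  const user = parseCsp(userHeader);
  const site = parseCsp(siteHeader);
  const merged = new Map();
  for (const d of FETCH_DIRECTIVES) {
    const a = normalize(effectiveSources(user, d));
    const b = normalize(effectiveSources(site, d));
    let out;
    if (mode === 'strictest') {
      // Anything one side leaves open is still bounded by the other side.
      if (a === null) out = b;
      else if (b === null) out = a;
      else out = new Set([...a].filter((s) => b.has(s)));
    } else if (mode === 'loosest') {
      // If either side is unrestricted, the loosest combination is too.
      out = (a === null || b === null) ? null : new Set([...a, ...b]);
    } else {
      throw new Error(`unknown mode ${mode}`);
    }
    merged.set(d, out);
  }
  return merged;
}

// Render a merged policy back into CSP header syntax.
function serializeCsp(merged) {
  const defaultRestricted = merged.get('default-src') != null;
  const parts = [];
  for (const [d, srcs] of merged) {
    if (srcs == null) {
      // Unrestricted: only spell it out when default-src would otherwise apply.
      if (d !== 'default-src' && defaultRestricted) parts.push(`${d} *`);
      continue;
    }
    const list = srcs.size === 0 ? "'none'" : [...srcs].sort().join(' ');
    parts.push(`${d} ${list}`);
  }
  return parts.join('; ');
}
```

Note that browsers already enforce several delivered policies conjunctively, so the "strictest" result is what a page effectively gets if both headers are sent; the "loosest" result is the one that needs an explicit merge, and it is only as safe as the more permissive of the two inputs.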
By default, CSP disallows inline scripts and eval, which almost all websites use. Websites therefore have to change their code in order to deploy a CSP policy, and this requirement is hindering the adoption of CSP by web applications. However, there are savvy users who prefer security over usability. In addition, website developers need a tool to test different CSP rules for their website, to secure their users while keeping it usable. The "userCSP" add-on we developed addresses these issues.
The "userCSP" add-on allows savvy users to specify a CSP for particular websites, or general CSP rules that are enforced on every website the user visits. Moreover, it allows website developers to try different CSP rules and adopt the best-suited CSP policy for their website.