CSP Fallback Artifacts

All is not Self: Empirical Analysis of the Content Security Policy Fallback Mechanism

Overview

This page provides supplemental materials for our empirical study on fallback behaviors in Content Security Policy (CSP). The artifacts support the analysis presented in the paper and enable the reproducibility of our findings.

Artifacts

The artifact repository contains all materials necessary to reproduce the results of this study.

  • Dataset of Real-World CSP Deployments (September 2024): Aggregated CSP policies, identified fallback directives, and reconstructed configurations, including Complete, Strict, and Relaxed CSPs.
  • Resource-Level Measurements: Detailed information on external resources loaded by each website, including scripts, iframes, workers, images, styles, connections, and media domains.
  • CSP Reconstruction Tool: An automated framework for detecting fallback mechanisms and generating updated CSPs based on observed runtime behavior.
  • Dockerized Reproducibility Environment: A portable setup containing all dependencies required to run and evaluate the CSP reconstruction pipeline.
  • Scripts and Documentation: Step-by-step instructions for building, executing, and reproducing the analyses presented in the paper.

Access Artifact Repository