Merge pull request #255 from righettod/master

riramar · web-flow · commit 39975be02722 · 2025-10-27T09:32:13.000-03:00
add ref to https://cspbypass.com/
diff --git a/tab_bestpractices.md b/tab_bestpractices.md
@@ -352,6 +352,8 @@ Cache-Control: no-store, max-age=0
 
 ## Prevent CSP bypasses
 
+> 💡 This [online tool](https://cspbypass.com/) can be used to identify existing bypasses for a CSP policy.
+
 This section describes some points, to keep in mind, during the creation of a [Content-Security-Policy](https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP) (called **CSP**) policy to prevent introducing bypasses.
 
 🚩 Not every **[directives](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy#directives)** fallback to the **[default-src](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/default-src)** directive when it is not specified in the CSP policy.
