Quickstart Guide
Secure your first website with ScriptAttest in 5 minutes.
1. Create an Account
Sign up for a free account. No credit card is required for the Free plan, which includes monitoring for 1 site.
2. Add Your Site
Navigate to the Sites dashboard and click Add Site. Enter your domain name (e.g., example.com).
3. Run a Scan
Once your site is added, click Run Scan. Our headless browser will visit your site and detect:
- External scripts (Google Analytics, CDNs, etc.)
- Stylesheets and fonts
- Images and media
- Connect sources (API calls)
4. Review Sources
After the scan completes, you'll see a list of detected external sources. Review each one:
- Approve sources you recognize and trust
- Deny suspicious or unwanted sources
5. Deploy Policy
Go to the Policies tab to view your generated CSP. Copy the policy string and add it to your web server configuration or HTML head:
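Nginx
add_header Content-Security-Policy "default-src 'self'; ...";
Apache
Header set Content-Security-Policy "default-src 'self'; ..."
HTML Meta Tag
<meta http-equiv="Content-Security-Policy" content="default-src 'self'; ...">
Browsers ignore the report-uri, frame-ancestors, and sandbox directives in a policy delivered through a meta tag, so use the header form if you rely on violation reports.
6. Monitor Violations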
Your generated policy includes both report-uri and report-to directives for maximum browser compatibility.
To receive reports from Chrome, Edge, and Brave, you'll also need to add a Reporting-Endpoints header.
See the deployment guide for complete setup instructions.
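A check for the reporting setup in step 6, added here as an example and not ScriptAttest's own code: it confirms that the group named by report-to in the deployed policy is actually defined in the Reporting-Endpoints header. The group name csp-endpoint and the reports.example.com URL are placeholders; use the values from your generated policy.

```python
import re

def parse_csp(value):
    """Split a CSP value into {directive: [tokens]}; the first occurrence of a directive wins."""
    policy = {}
    for part in value.split(";"):
        tokens = part.split()
        if tokens:
            policy.setdefault(tokens[0].lower(), tokens[1:])
    return policy

def parse_reporting_endpoints(value):
    """Parse 'name="url", name2="url2"' into {name: url}."""
    return dict(re.findall(r'([a-z*][a-z0-9_.*-]*)\s*=\s*"([^"]*)"', value))

def check_reporting(headers):
    """Return a list of problems with CSP violation reporting in one response."""
    h = {k.lower(): v for k, v in headers.items()}
    if "content-security-policy" not in h:
        return ["no Content-Security-Policy header"]
    policy = parse_csp(h["content-security-policy"])
    endpoints = parse_reporting_endpoints(h.get("reporting-endpoints", ""))
    problems = []
    if not policy.get("report-uri"):
        # Fallback for browsers that do not act on report-to.
        problems.append("report-uri missing")
    group = (policy.get("report-to") or [None])[0]
    if group is None:
        problems.append("report-to missing")
    elif group not in endpoints:
        problems.append(f"report-to group '{group}' is not defined in Reporting-Endpoints")
    elif not endpoints[group].startswith("https://"):
        # Simplification: reporting endpoints must be on a trustworthy (HTTPS) origin.
        problems.append(f"endpoint for '{group}' is not https")
    return problems

# Constructed sample responses; the group name and URL are placeholders.
POLICY = ("default-src 'self'; report-uri https://reports.example.com/csp; "
          "report-to csp-endpoint")
COMPLETE = {"Content-Security-Policy": POLICY,
            "Reporting-Endpoints": 'csp-endpoint="https://reports.example.com/csp"'}
CSP_ONLY = {"Content-Security-Policy": POLICY}
WRONG_NAME = {"Content-Security-Policy": POLICY,
              "Reporting-Endpoints": 'default="https://reports.example.com/csp"'}

if __name__ == "__main__":
    for name, resp in [("complete", COMPLETE), ("csp-only", CSP_ONLY), ("wrong-name", WRONG_NAME)]:
        print(name, check_reporting(resp) or "ok")
```

Pass it the response headers captured from your own site after deploying the policy; an empty list means both reporting paths are wired up.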