Recipes
Practical workflows
A handful of commands that cover most real-world cspresso usage.
Draft a CSP
cspresso https://example.com --max-pages 10
Start here, then audit the output. Crawls won’t cover every flow (auth-only pages, conditional loads, A/B tests, etc.).
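One way to start the audit, as an added example (not part of cspresso or its documentation): a small Python check that parses a drafted policy string and lists entries that deserve a manual look. The function names and the sample draft are constructed for illustration; the rules cover only a few well-known CSP weak spots.

```python
# Added example: flag entries in a drafted CSP that deserve manual review.
RISKY_FOR_SCRIPT = {"'unsafe-inline'", "'unsafe-eval'", "data:"}
BROAD_SOURCES = {"*", "http:", "https:"}


def parse_csp(policy):
    """Return {directive: [sources]}; a repeated directive keeps its first value."""
    directives = {}
    for part in policy.split(";"):
        tokens = part.split()
        if not tokens:
            continue
        directives.setdefault(tokens[0].lower(), tokens[1:])
    return directives


def audit_csp(policy):
    """Return a sorted list of (directive, finding) tuples for human review."""
    d = parse_csp(policy)
    findings = []
    for name, sources in d.items():
        for src in sources:
            low = src.lower()
            if low in RISKY_FOR_SCRIPT and name in ("script-src", "default-src"):
                findings.append((name, f"{low} weakens script restrictions"))
            elif low in BROAD_SOURCES:
                findings.append((name, f"broad source {low}"))
            elif low.startswith("http://"):
                findings.append((name, f"plain-HTTP source {src}"))
    # base-uri and form-action are not covered by default-src.
    for name in ("base-uri", "form-action"):
        if name not in d:
            findings.append((name, "not set; no default-src fallback"))
    if "object-src" not in d and "default-src" not in d:
        findings.append(("object-src", "not set and no default-src"))
    return sorted(findings)


if __name__ == "__main__":
    # Constructed draft for illustration, not real cspresso output.
    draft = ("default-src 'self'; "
             "script-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net; "
             "img-src 'self' data: http://img.example.com; connect-src 'self'")
    for directive, finding in audit_csp(draft):
        print(f"{directive}: {finding}")
```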
Headed debugging
cspresso https://example.com --headed --settle-ms 2500
Useful when the site does delayed loads or you want to visually confirm what’s happening during the crawl.
Sourcemaps & connect-src
cspresso https://example.com --include-sourcemaps
If browsers/devtools fetch *.map files from a CDN, this helps make sure the CDN origin lands in connect-src.
Upgrade insecure requests
cspresso https://example.com --upgrade-insecure-requests
Handy during migrations when you still have a few stray HTTP URLs.
AppImage (writable browser cache)
./cspresso.AppImage https://example.com \
--browsers-path "$HOME/.cache/cspresso/pw-browsers"
AppImages mount read-only. Set --browsers-path so Playwright can install Chromium into a writable directory.
CI gate with --evaluate
cspresso https://example.com \
--bypass-csp \
--evaluate "default-src 'self'; script-src 'self' https://cdn.jsdelivr.net;" \
--json
Exits 1 if the candidate policy would be violated - great for PR checks.