Quickstart Guide

Secure your first website with ScriptAttest in 5 minutes.

1. Create an Account

Sign up for a free account. No credit card is required for the Free plan, which includes monitoring for 1 site.

2. Add Your Site

Navigate to the Sites dashboard and click Add Site. Enter your domain name (e.g., example.com).

3. Run a Scan

Once your site is added, click Run Scan. Our headless browser will visit your site and detect:

  • External scripts (Google Analytics, CDNs, etc.)
  • Stylesheets and fonts
  • Images and media
  • Connect sources (API calls)

4. Review Sources

After the scan completes, you'll see a list of detected external sources. Review each one:

  • Approve sources you recognize and trust
  • Deny suspicious or unwanted sources

5. Deploy Policy

Go to the Policies tab to view your generated CSP. Copy the policy string and add it to your web server configuration or HTML head:

Nginx

add_header Content-Security-Policy "default-src 'self'; ...";

Apache

Header set Content-Security-Policy "default-src 'self'; ..."

HTML Meta Tag

<meta http-equiv="Content-Security-Policy" content="default-src 'self'; ...">

6. Monitor Violations

Your generated policy includes a report-uri directive pointing to ScriptAttest. Any violations will be reported to your dashboard, allowing you to fine-tune your policy over time.
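
Browsers ignore report-uri (as well as frame-ancestors and sandbox) in a policy delivered through a meta tag, so the reporting in step 6 only works with the Nginx or Apache header form. The check below is an added example, not ScriptAttest code: it parses a policy string, flags that case, and flags any host that is not on your approved list. The sample policy, host names and report endpoint are constructed placeholders.

```python
# Added example: pre-deployment check for a generated CSP string.
# Directives the CSP spec drops when a policy is delivered via <meta>.
META_IGNORED = {"report-uri", "frame-ancestors", "sandbox"}
# Directives whose values are source lists (besides the *-src family).
SOURCE_LIST = {"form-action", "frame-ancestors", "base-uri"}

def parse_csp(policy):
    """Split a policy into {directive: [values]}; a repeated directive is ignored."""
    directives = {}
    for part in policy.split(";"):
        tokens = part.split()
        if tokens:
            directives.setdefault(tokens[0].lower(), tokens[1:])
    return directives

def host_of(source):
    """Host of a host-source expression; None for keywords, nonces, hashes, schemes."""
    if source.startswith("'") or source.endswith(":"):
        return None
    return source.split("://", 1)[-1].split("/", 1)[0].split(":", 1)[0].lower()

def check_policy(policy, approved_hosts, delivery="header"):
    """Return findings for a policy delivered as 'header' or 'meta'."""
    directives = parse_csp(policy)
    findings = []
    if "report-uri" not in directives:
        findings.append("no report-uri: violations will not be reported")
    if delivery == "meta":
        for name in sorted(META_IGNORED & set(directives)):
            findings.append(f"{name} is ignored in a <meta> policy; use the HTTP header")
    approved = {h.lower() for h in approved_hosts}
    for name, values in directives.items():
        if "-src" not in name and name not in SOURCE_LIST:
            continue
        for value in values:
            host = host_of(value)
            if host is not None and host not in approved:
                findings.append(f"{name} allows unapproved host {host}")
    return findings

# Constructed sample: hosts and the report endpoint are placeholders.
SAMPLE_POLICY = ("default-src 'self'; script-src 'self' https://www.googletagmanager.com; "
                 "img-src 'self' data: https://cdn.example.com; "
                 "connect-src 'self' https://api.example.net; "
                 "report-uri https://reports.example.invalid/csp")
APPROVED = ["www.googletagmanager.com", "cdn.example.com"]

if __name__ == "__main__":
    for how in ("header", "meta"):
        print(how, check_policy(SAMPLE_POLICY, APPROVED, how))
```

Host matching here is exact, so a wildcard source such as *.example.com only passes if that same string is on the approved list.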