Hear is a couple of libraries to work with Content-Security-Policy in your JavaScript application.
Zero-dependency library for generating CSP policies. It can be used for both HTTP header and <meta> element. Supports presets for organizing and managing your policies.
This is a csp-header wrapped in a middleware with auto-tld support and nonce generation. It's ready to use in your Express application.