The browser padlock is important. It is critical for e-commerce and other applications that depend on HTTPS for sending sensitive information securely. Unfortunately many sites, even major retailers have trouble keeping that browser padlock green.
On my teams I've seen it happen over and over. You release a web application that uses SSL. At launch time there is manual QA to ensure the browser padlock is green. All good. 6 months later, the padlock is broken becuase somebody misconfigured the webfonts, or the YouTubes, etc.
The problem here is that you have a manual QA step! Rack-Padlock is a tool I wrote to remove that manual step. Building this was soo awesome! I got to read the CSP specification. My rack-fu has gotten pretty good. And my final solution is crazy easy to use!
Check out the sample application, or just drop it into your own Rails app.