Content Security Policy (CSP) Generator
Automatically generate content security policy headers online for any website.
CSP Evaluator is a tool that allows developers to check if a Content Security Policy (CSP) serves as mitigation against XSS attacks.
Review user movement across collected snapshots.
View collected rating snapshots from the latest 7-day window to assess rating stability.
Compare 1-day, 7-day, and 30-day net growth and growth rate.
Review publication date, version, supported languages, and crawl timestamps.
Review the store description, core capabilities, and common use cases.
CSP Evaluator is a small tool that allows developers and security experts to check if a Content Security Policy (CSP) serves as a strong mitigation against cross-site scripting attacks. Reviewing CSP policies is usually a very manual process and most developers are not aware of CSP bypasses.
CSP Evaluator checks are based on a large-scale empirical study and are aimed to help developers to harden their CSP. This tool is provided only for the convenience of developers and Google provides no guarantees or warranties for this tool.
Inspect the latest comments and rating distribution.
Store average score: 3.1. The bars below are calculated from synced review text only, so they may be empty for extensions that have public ratings but no synced comments yet.
Review related products from the Chrome Web Store detail page.
Automatically generate content security policy headers online for any website.
Accessibility Checker for Developers, Testers, and Designers in Chrome
A Chrome Extension built to check the presence of embedded security headers.
Intercept & modify HTTP(S) traffic: redirect URLs, modify headers, inject scripts, mock REST & GraphQL APIs, and more.
OWASP Penetration Testing Kit
Disable Content-Security-Policy for web application testing. When the icon is coloured, CSP headers are disabled.
I have a CSP but this doesn't detect it. So disappointed.
It doesn't detect meta CSP and it doesn't say anything about it on the description
For some unknown reason, when the extension was enabled, my browser sent additional requests to the sites. As a result, I lost a lot of hours debugging my site and trying to find the cause of the duplicate requests. As soon as I turned off the extension, the problem disappeared.
Macht wenig überraschend exakt das was dran steht. Keine Ahnung was an anderer Stelle schief gegangen ist, aber es funktioniert sogar in Edge.
Keeps crashing in Chrome 104
used it sometime ago and it was working just fine, with current version of chrome is not working anymore, it keeps crashing Version 104.0.5112.101
No CSP detected on any webpage.
liked it. saved me some headaches!!! was playing around for weeks to get my csp right! there's one drawback though. after copying it all to my policy file it bricked my wordpress login page. so i had to revert back using ftp access to my server to find the problem..... again.
No CSP detected on any webpage.
It doesn't detect meta CSPs which should have been stated in the extension details.