Content Security Policy (CSP) Generator
Automatically generate content security policy headers online for any website.
CSP Evaluator is a tool that allows developers to check if a Content Security Policy (CSP) serves as mitigation against XSS attacks.
Review user movement across collected snapshots.
View collected rating snapshots from the latest 7-day window to assess rating stability.
Compare 1-day, 7-day, and 30-day net growth and growth rate.
Review publication date, version, supported languages, and crawl timestamps.
Review the store description, core capabilities, and common use cases.
CSP Evaluator is a small tool that allows developers and security experts to check if a Content Security Policy (CSP) serves as a strong mitigation against cross-site scripting attacks. Reviewing CSP policies is usually a very manual process and most developers are not aware of CSP bypasses.
CSP Evaluator checks are based on a large-scale empirical study and are aimed to help developers to harden their CSP. This tool is provided only for the convenience of developers and Google provides no guarantees or warranties for this tool.
Inspect the latest comments and rating distribution.
Store average score: 3.1. The bars below are calculated from synced review text only, so they may be empty for extensions that have public ratings but no synced comments yet.
Review related products from the Chrome Web Store detail page.
Automatically generate content security policy headers online for any website.
Accessibility Checker for Developers, Testers, and Designers in Chrome
A Chrome Extension built to check the presence of embedded security headers.
Intercept & modify HTTP(S) traffic: redirect URLs, modify headers, inject scripts, mock REST & GraphQL APIs, and more.
OWASP Penetration Testing Kit
Disable Content-Security-Policy for web application testing. When the icon is coloured, CSP headers are disabled.
cool. May be better if it's possible to add/remove CSP directives so I can test without deploying codes lol
doesn't detect CSP in page meta tags
Спасибо!
Where to post the issues? It shows 'Directive "prefetch-src" is not a known CSP directive.', https://w3c.github.io/webappsec-csp/#directive-prefetch-src
It appears that the extension does not consider CSP in meta tags.
Супер!