Content Security Policy (CSP) Generator
Automatically generate content security policy headers online for any website.
CSP Evaluator is a tool that allows developers to check if a Content Security Policy (CSP) serves as mitigation against XSS attacks.
按已采集快照查看用户数变化。
展示最近 7 日窗口内已采集的评分快照,辅助判断近期评分是否稳定。
同口径展示 1 天、7 天、30 天的绝对增长与增长率。
查看发布时间、版本、支持语言、最近更新和抓取时间。
查看插件说明、主要功能和适用场景。
CSP Evaluator is a small tool that allows developers and security experts to check if a Content Security Policy (CSP) serves as a strong mitigation against cross-site scripting attacks. Reviewing CSP policies is usually a very manual process and most developers are not aware of CSP bypasses.
CSP Evaluator checks are based on a large-scale empirical study and are aimed to help developers to harden their CSP. This tool is provided only for the convenience of developers and Google provides no guarantees or warranties for this tool.
查看最近评论和评分分布。
商店综合星级:3.1。下方星级分布只统计已同步评论正文;如果某个插件只有公开分数、没有真实评论正文,这里可能为空。
查看 Chrome 商店详情页中的相关产品。
Automatically generate content security policy headers online for any website.
Accessibility Checker for Developers, Testers, and Designers in Chrome
A Chrome Extension built to check the presence of embedded security headers.
Intercept & modify HTTP(S) traffic: redirect URLs, modify headers, inject scripts, mock REST & GraphQL APIs, and more.
OWASP Penetration Testing Kit
Disable Content-Security-Policy for web application testing. When the icon is coloured, CSP headers are disabled.
cool. May be better if it's possible to add/remove CSP directives so I can test without deploying codes lol
doesn't detect CSP in page meta tags
Спасибо!
Where to post the issues? It shows 'Directive "prefetch-src" is not a known CSP directive.', https://w3c.github.io/webappsec-csp/#directive-prefetch-src
It appears that the extension does not consider CSP in meta tags.
Супер!