extension ExtPose

CSP Evaluator

Description from extension meta CSP Evaluator is a tool that allows developers to check if a Content Security Policy (CSP) serves as mitigation against XSS attacks.
Image from store CSP Evaluator
Description from store CSP Evaluator is a small tool that allows developers and security experts to check if a Content Security Policy (CSP) serves as a strong mitigation against cross-site scripting attacks. Reviewing CSP policies is usually a very manual process and most developers are not aware of CSP bypasses. CSP Evaluator checks are based on a large-scale empirical study and are aimed to help developers to harden their CSP. This tool is provided only for the convenience of developers and Google provides no guarantees or warranties for this tool.
Latest reviews (2019-11-07) purnadika: cool. May be better if it's possible to add/remove CSP directives so I can test without deploying codes lol (2019-10-29) Luc van Fol: doesn't detect CSP in page meta tags (2019-04-17) Loki Wijnen: Doesn't detect CSP on any websites I tested! (2018-07-05) Ronald Reigan: Спасибо! (2018-01-30) Binyamin Laukstein: Where to post the issues? It shows 'Directive "prefetch-src" is not a known CSP directive.', https://w3c.github.io/webappsec-csp/#directive-prefetch-src (2017-01-21) Dario Alpern: It appears that the extension does not consider CSP in meta tags. (2016-09-29) iphon4ik: Супер!

About Extpose

Extpose is a service for Chrome extension publishers.
It helps tracking and optimizing browser extension performance in Chrome Web Store.

The most valuable features are available after creating an account.

Learn more

If you are not an extension developer and want to install this extension please proceed to Chrome Web Store

Go to Chrome Web Store


4.1765 (17 votes)
Last update / version
2017-05-30 / 0.1.1




Similar extensions