CSP Evaluator

How to install an extension Open in Chrome Web Store

CRX ID

fjohamlofnakbnbfjkohkbdigoodcejf

Status

Live on Store

Description from extension meta

CSP Evaluator is a tool that allows developers to check if a Content Security Policy (CSP) serves as mitigation against XSS attacks.

Image from store

Description from store

CSP Evaluator is a small tool that allows developers and security experts to check if a Content Security Policy (CSP) serves as a strong mitigation against cross-site scripting attacks. Reviewing CSP policies is usually a very manual process and most developers are not aware of CSP bypasses.
CSP Evaluator checks are based on a large-scale empirical study and are aimed to help developers to harden their CSP. This tool is provided only for the convenience of developers and Google provides no guarantees or warranties for this tool.

Latest reviews

Nicolas Zulaica 2025-06-27: In every page i tried it it said: "No Content Security Policy found". And yes, these pages had CSP configured.
Dave Aspinall 2025-03-20: Works great!
Goktug Erol 2025-01-23: It works just fine.
Evan Tirta 2024-11-14: extension stopped working :(
Kirk Solar 2024-11-04: This extension stopped working for me in the past couple months in the Brave browser. I recently disabled, removed, and reinstalled and it's working again. For those who are having trouble with it working, give the reinstall a try.
Josh Barber 2024-09-13: Was great until it stopped working for me. Please fix and I'll change my rating
Paulo Lima 2024-09-12: I this thing stopped working :/
Barbara Renowden 2024-03-21: I have a CSP but this doesn't detect it. So disappointed.
Helio Bentes 2023-04-17: It doesn't detect meta CSP and it doesn't say anything about it on the description
Helio Bentes 2023-04-17: It doesn't detect meta CSP and it doesn't say anything about it on the description
Serghei Iakovlev 2023-04-17: For some unknown reason, when the extension was enabled, my browser sent additional requests to the sites. As a result, I lost a lot of hours debugging my site and trying to find the cause of the duplicate requests. As soon as I turned off the extension, the problem disappeared.
Serghei Iakovlev 2023-04-17: For some unknown reason, when the extension was enabled, my browser sent additional requests to the sites. As a result, I lost a lot of hours debugging my site and trying to find the cause of the duplicate requests. As soon as I turned off the extension, the problem disappeared.
Justus Wingert 2022-10-25: Macht wenig überraschend exakt das was dran steht. Keine Ahnung was an anderer Stelle schief gegangen ist, aber es funktioniert sogar in Edge.
Support Analytics RESONEO 2022-09-06: Keeps crashing in Chrome 104
Support Analytics RESONEO 2022-09-06: Keeps crashing in Chrome 104
Enis Shala 2022-08-25: used it sometime ago and it was working just fine, with current version of chrome is not working anymore, it keeps crashing Version 104.0.5112.101
Enis Shala 2022-08-25: used it sometime ago and it was working just fine, with current version of chrome is not working anymore, it keeps crashing Version 104.0.5112.101
Nordine Zetoutou 2021-12-09: No CSP detected on any webpage.
Nordine Zetoutou 2021-12-09: No CSP detected on any webpage.
Dave Dörenberg-Veltman (Blackpearl1477) 2021-03-13: liked it. saved me some headaches!!! was playing around for weeks to get my csp right! there's one drawback though. after copying it all to my policy file it bricked my wordpress login page. so i had to revert back using ftp access to my server to find the problem..... again.
Dave Dörenberg-Veltman (Blackpearl1477) 2021-03-13: liked it. saved me some headaches!!! was playing around for weeks to get my csp right! there's one drawback though. after copying it all to my policy file it bricked my wordpress login page. so i had to revert back using ftp access to my server to find the problem..... again.
Alexander Dobernig 2020-11-21: No CSP detected on any webpage.
Alexander Dobernig 2020-11-21: No CSP detected on any webpage.
Leigh Silverstein 2020-08-24: It doesn't detect meta CSPs which should have been stated in the extension details.
Leigh Silverstein 2020-08-24: It doesn't detect meta CSPs which should have been stated in the extension details.
Dika Purnasucita 2019-11-07: cool. May be better if it's possible to add/remove CSP directives so I can test without deploying codes lol
Dika Purnasucita 2019-11-07: cool. May be better if it's possible to add/remove CSP directives so I can test without deploying codes lol
Korutz 2019-10-29: doesn't detect CSP in page meta tags
Korutz 2019-10-29: doesn't detect CSP in page meta tags
Loki Wijnen 2019-04-17: Doesn't detect CSP on any websites I tested!
Ronald Reagan 2018-07-05: Спасибо!
Binyamin Laukstein 2018-01-30: Where to post the issues? It shows 'Directive "prefetch-src" is not a known CSP directive.', https://w3c.github.io/webappsec-csp/#directive-prefetch-src
Binyamin Laukstein 2018-01-30: Where to post the issues? It shows 'Directive "prefetch-src" is not a known CSP directive.', https://w3c.github.io/webappsec-csp/#directive-prefetch-src
Dario Alpern 2017-01-21: It appears that the extension does not consider CSP in meta tags.
Dario Alpern 2017-01-21: It appears that the extension does not consider CSP in meta tags.
iphon4ik 2016-09-29: Супер!

Extension Actions