extension ExtPose

CSP Evaluator

Description from extension meta

CSP Evaluator is a tool that allows developers to check if a Content Security Policy (CSP) serves as mitigation against XSS attacks.

Image from store CSP Evaluator
Description from store CSP Evaluator is a small tool that allows developers and security experts to check if a Content Security Policy (CSP) serves as a strong mitigation against cross-site scripting attacks. Reviewing CSP policies is usually a very manual process and most developers are not aware of CSP bypasses. CSP Evaluator checks are based on a large-scale empirical study and are aimed to help developers to harden their CSP. This tool is provided only for the convenience of developers and Google provides no guarantees or warranties for this tool.

Latest reviews

  • (2019-11-07) Escape Velocity: cool. May be better if it's possible to add/remove CSP directives so I can test without deploying codes lol
  • (2019-10-29) Luc van Fol: doesn't detect CSP in page meta tags
  • (2019-04-17) Loki Wijnen: Doesn't detect CSP on any websites I tested!
  • (2018-07-05) Ronald Reagan: Спасибо!
  • (2018-01-30) Binyamin Laukstein: Where to post the issues? It shows 'Directive "prefetch-src" is not a known CSP directive.', https://w3c.github.io/webappsec-csp/#directive-prefetch-src
  • (2017-01-21) Dario Alpern: It appears that the extension does not consider CSP in meta tags.
  • (2016-09-29) iphon4ik: Супер!


6,680 history
4.1765 (17 votes)
Last update / version
2020-04-16 / 0.2.1
Listing languages