CSP Evaluator is a tool that allows developers to check if a Content Security Policy (CSP) serves as mitigation against XSS attacks.
CSP Evaluator is a small tool that allows developers and security experts to check if a Content Security Policy (CSP) serves as a strong mitigation against cross-site scripting attacks. Reviewing CSP policies is usually a very manual process and most developers are not aware of CSP bypasses.
CSP Evaluator checks are based on a large-scale empirical study and are aimed to help developers to harden their CSP. This tool is provided only for the convenience of developers and Google provides no guarantees or warranties for this tool.
Latest reviews
- (2023-04-17) Helio Bentes: It doesn't detect meta CSP and it doesn't say anything about it on the description
- (2023-04-17) Serghei Iakovlev: For some unknown reason, when the extension was enabled, my browser sent additional requests to the sites. As a result, I lost a lot of hours debugging my site and trying to find the cause of the duplicate requests. As soon as I turned off the extension, the problem disappeared.
- (2022-10-25) Justus Wingert: Macht wenig überraschend exakt das was dran steht. Keine Ahnung was an anderer Stelle schief gegangen ist, aber es funktioniert sogar in Edge.
- (2022-09-06) Support Analytics RESONEO: Keeps crashing in Chrome 104
- (2022-08-25) Enis Shala: used it sometime ago and it was working just fine, with current version of chrome is not working anymore, it keeps crashing Version 104.0.5112.101
- (2021-12-09) Nordine Zetoutou: No CSP detected on any webpage.
- (2021-03-13) Dave Dörenberg-Veltman (Blackpearl1477): liked it. saved me some headaches!!! was playing around for weeks to get my csp right! there's one drawback though. after copying it all to my policy file it bricked my wordpress login page. so i had to revert back using ftp access to my server to find the problem..... again.
- (2020-11-21) Alexander Dobernig: No CSP detected on any webpage.
- (2020-08-24) Leigh Silverstein: It doesn't detect meta CSPs which should have been stated in the extension details.
- (2019-11-07) Dika Purnasucita: cool. May be better if it's possible to add/remove CSP directives so I can test without deploying codes lol
- (2019-10-29) Korutz: doesn't detect CSP in page meta tags
- (2019-04-17) Loki Wijnen: Doesn't detect CSP on any websites I tested!
- (2018-07-05) Ronald Reagan: Спасибо!
- (2018-01-30) Binyamin Laukstein: Where to post the issues? It shows 'Directive "prefetch-src" is not a known CSP directive.', https://w3c.github.io/webappsec-csp/#directive-prefetch-src
- (2017-01-21) Dario Alpern: It appears that the extension does not consider CSP in meta tags.
- (2016-09-29) iphon4ik: Супер!
Statistics
Installs
20,000
history
Category
Rating
2.9655 (29 votes)
Last update / version
2024-07-13 / 0.3.2
Listing languages
en