Best Content-Security-Policy tool to validate and check XSS, Clickjacking & Formjacking protection grade and to detect CSP bypasses.
CSP Scanner lets developers and security experts inspect a site's Content Security Policy (CSP) and understand whether it is a strong mitigation against client-side attacks such as XSS, clickjacking, formjacking and data exfiltration. The extension runs the same logic as the CSPscanner.com tool, built from years of accumulated best practice on Content-Security-Policy and on how to block client-side attacks most effectively. For the CSP it is shown, the tool may suggest a grade, a score, tips and known bypasses. These are offered as help to developers only; RapidSec provides no guarantees or warranties for this tool. If you are looking to automate the deployment of Content-Security-Policy (CSP) along with other important security controls (SameSite cookies, security headers), you can use RapidSec.com.
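To show the kind of check such a grader performs, here is an added example of a minimal CSP linter. It is not the CSP Scanner extension's or RapidSec's code. It parses a Content-Security-Policy header and flags the settings that decide whether the policy actually mitigates XSS, clickjacking, formjacking and data exfiltration. It assumes CSP Level 3 semantics (a repeated directive is ignored after its first occurrence, 'unsafe-inline' is ignored once a nonce or hash is present, 'strict-dynamic' disables host allowlists); the severity weights, the score and the letter grades are this example's own choices, not the extension's, and the sample policies are constructed.

```javascript
// Added example: a minimal Content-Security-Policy checker.
// Not the CSP Scanner extension's own code; scoring is this example's choice.

// Parse "name src src; name src" into { name: [sources] }.
function parseCsp(header) {
  const directives = {};
  for (const part of header.split(';')) {
    const tokens = part.trim().split(/\s+/).filter(Boolean);
    if (tokens.length === 0) continue;
    const name = tokens[0].toLowerCase();
    // Browsers ignore a repeated directive; only the first occurrence counts.
    if (!(name in directives)) directives[name] = tokens.slice(1);
  }
  return directives;
}

// Fetch directives fall back to default-src; base-uri, frame-ancestors and
// form-action do not, so leaving them out leaves them unrestricted.
const FALLS_BACK_TO_DEFAULT = new Set(['script-src', 'object-src', 'connect-src']);

function effectiveSources(directives, name) {
  if (directives[name]) return directives[name];
  if (FALLS_BACK_TO_DEFAULT.has(name) && directives['default-src']) return directives['default-src'];
  return null; // absent with no fallback: unrestricted
}

function checkCsp(header) {
  const d = parseCsp(header);
  const findings = [];
  const add = (area, severity, msg) => findings.push({ area, severity, msg });

  const script = effectiveSources(d, 'script-src');
  if (!script) {
    add('XSS', 'high', 'no script-src and no default-src: scripts may load from anywhere');
  } else {
    const hasNonceOrHash = script.some(s => /^'(nonce-|sha(256|384|512)-)/i.test(s));
    const strictDynamic = script.includes("'strict-dynamic'");
    // 'unsafe-inline' only matters when no nonce/hash is present (CSP3 ignores it otherwise).
    if (script.includes("'unsafe-inline'") && !hasNonceOrHash)
      add('XSS', 'high', "script-src allows 'unsafe-inline' with no nonce or hash: injected inline scripts run");
    if (script.includes("'unsafe-eval'"))
      add('XSS', 'medium', "script-src allows 'unsafe-eval': eval()/Function() gadgets run attacker strings");
    if (!strictDynamic && script.some(s => s === '*' || /^(https?|data|blob|filesystem):$/i.test(s)))
      add('XSS', 'high', 'script-src allows a wildcard or bare scheme: any URL of that scheme is a script source');
    // A host allowlist is only as strong as the weakest endpoint on those hosts.
    const hosts = script.filter(s => !s.startsWith("'") && s !== '*' && !/^[a-z]+:$/i.test(s));
    if (!strictDynamic && hosts.length > 0)
      add('XSS', 'medium', `host allowlist (${hosts.join(' ')}) without 'strict-dynamic': a JSONP or script-gadget endpoint on an allowed host bypasses the policy`);
  }

  const object = effectiveSources(d, 'object-src');
  if (!object || !object.includes("'none'"))
    add('XSS', 'medium', "object-src is not 'none': plugin content can execute script");
  if (!d['base-uri'])
    add('XSS', 'medium', 'base-uri missing: an injected <base> tag redirects relative script URLs');
  if (!d['frame-ancestors'])
    add('Clickjacking', 'high', 'frame-ancestors missing: any origin may frame the page');
  if (!d['form-action'])
    add('Formjacking', 'high', 'form-action missing: an injected form or action attribute can post credentials anywhere');
  const connect = effectiveSources(d, 'connect-src');
  if (!connect || connect.includes('*') || connect.some(s => /^https?:$/i.test(s)))
    add('Data exfiltration', 'high', 'connect-src unrestricted: fetch/XHR/WebSocket can send data to any origin');
  return findings;
}

// Score: start at 100, subtract 20 per high and 10 per medium finding, floor at 0.
function gradeCsp(header) {
  const findings = checkCsp(header);
  const penalty = findings.reduce((s, f) => s + (f.severity === 'high' ? 20 : 10), 0);
  const score = Math.max(0, 100 - penalty);
  const letter = score >= 95 ? 'A' : score >= 75 ? 'B' : score >= 50 ? 'C' : score >= 25 ? 'D' : 'F';
  return { score, letter, findings };
}

// Constructed sample policies (not taken from any real site).
const WEAK_CSP = "default-src * 'unsafe-inline' 'unsafe-eval'; img-src *";
const STRICT_CSP = "default-src 'none'; script-src 'nonce-r4nd0m' 'strict-dynamic'; " +
  "object-src 'none'; base-uri 'none'; frame-ancestors 'none'; form-action 'self'; " +
  "connect-src 'self'; img-src 'self'; style-src 'self'";

if (typeof require !== 'undefined' && require.main === module) {
  for (const [name, csp] of [['weak', WEAK_CSP], ['strict', STRICT_CSP]]) {
    const r = gradeCsp(csp);
    console.log(`${name}: ${r.letter} (${r.score})`);
    for (const f of r.findings) console.log(`  [${f.severity}] ${f.area}: ${f.msg}`);
  }
}
```

Run it with `node csp-check.js` (file name assumed). The weak policy is graded F with eight findings; the nonce-plus-'strict-dynamic' policy is graded A. Two details worth noticing: a policy that carries 'unsafe-inline' next to a nonce is not penalised, because a CSP3 browser ignores 'unsafe-inline' in that case, and a clean-looking host allowlist without 'strict-dynamic' still loses points, because any JSONP or script-gadget endpoint on an allowed host is a bypass.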
- (2021-01-14) Maor Fridman: Awesome and seamless experience.
- (2020-12-30) Vadim Zak: Excellent tool! Helped me patch several nasty security holes...
- (2020-12-29) Ido Azran: Amazing, been looking for something like that for weeks! Really easy to use, highly recommended. Thank you.
- (2020-12-29) Ido Yablonka: Strong, very useful and helpful - well done!
- (2020-12-21) VINAY PUPPAL: Super helpful extension! Finding edge cases in CSP is definitely annoying, but this saved me a lot of time to create best possible CSP for my site.
- (2020-12-21) Дмитрий Гусев: It was a great experience to build and test my app CSP policy using this smart tool. The description of directives and configuration is awesome!
- (2020-12-20) Alessandro Magionami: Used it to improve both my knowledge of CSP and the CSP configuration of my small application. Great explanations of each directive of the header.
- (2020-12-20) Shai Alon: CSP scanner is the best way to evaluate a site’s content-security-policy and check if it actually protects against XSS, Clickjacking and data exfiltration. It was really amazing using the extension to see just how vulnerable most sites are to CSP bypasses - or worse, don’t have a CSP protecting their site at all!