CSP Evaluator

CSP Evaluator is a tool that allows developers to check if a Content Security Policy (CSP) serves as mitigation against XSS attacks.

What is CSP Evaluator?
The 'CSP Evaluator' is a Chrome extension tailored for developers and security experts to evaluate whether a Content Security Policy (CSP) serves as robust protection against cross-site scripting (XSS) attacks. It automates the review of CSP policies, spreads awareness of CSP bypasses, and encourages developers to strengthen their CSP.
Stats
Users: 20,000+
Rating: 3.12 (25)
Version: 0.2.1 (Last updated: 2020-11-20)
Creation date: 2020-04-16
Risk impact: High
Risk likelihood: Low
Manifest version: 2
Permissions:
  • activeTab
  • storage
  • webRequest
  • *://*/*
Size: 309.25K

Other platforms

Not available on Firefox
Not available on Edge
Summary

CSP Evaluator is a small tool that allows developers and security experts to check if a Content Security Policy (CSP) serves as a strong mitigation against cross-site scripting attacks. Reviewing CSP policies is usually a very manual process, and most developers are not aware of CSP bypasses. CSP Evaluator checks are based on a large-scale empirical study and are intended to help developers harden their CSP. This tool is provided only for the convenience of developers, and Google provides no guarantees or warranties for this tool.

User reviews
User reviews summary
These summaries are automatically generated weekly using AI based on recent user reviews. Chrome Web Store does not verify user reviews, so some user reviews may be inaccurate, spammy, or outdated.
Pros
  • Helped in crafting CSP policies
  • Useful in debugging CSP issues
Cons
  • Doesn't detect meta CSPs
  • Caused additional requests to websites
  • Crashes in some versions of Chrome
Most mentioned
  • Doesn't detect CSP in meta tags
  • No CSP detected on any webpage
  • Caused additional requests to websites
  • Crashes in some versions of Chrome
Recent reviews
I have a CSP but this doesn't detect it. So disappointed.
by Barbara Renowden, 2024-03-21

It doesn't detect meta CSP and it doesn't say anything about it in the description.
by Helio Bentes, 2023-04-17

For some unknown reason, when the extension was enabled, my browser sent additional requests to the sites. As a result, I lost a lot of hours debugging my site and trying to find the cause of the duplicate requests. As soon as I turned off the extension, the problem disappeared.
by Serghei Iakovlev, 2023-04-17
Safety
Risk impact

CSP Evaluator is risky to use as it requires a number of sensitive permissions that can potentially harm your browser and steal your data. Exercise caution when installing this extension. Review carefully before installing. We recommend that you only install CSP Evaluator if you trust the publisher.

Risk likelihood

CSP Evaluator has earned a fairly good reputation and likely can be trusted.
