CSP Evaluator
CSP Evaluator is a tool that allows developers to check if a Content Security Policy (CSP) serves as mitigation against XSS attacks.
What is CSP Evaluator?
Stats
Chrome-Stats Rank
Other platforms
Summary
CSP Evaluator is a small tool that allows developers and security experts to check if a Content Security Policy (CSP) serves as a strong mitigation against cross-site scripting attacks. Reviewing CSP policies is usually a very manual process and most developers are not aware of CSP bypasses. CSP Evaluator checks are based on a large-scale empirical study and are aimed to help developers to harden their CSP. This tool is provided only for the convenience of developers and Google provides no guarantees or warranties for this tool.
User reviews
User reviews summary
Pros
- Helped in crafting CSP policies
- Useful in debugging CSP issues
Cons
- Doesn't detect meta CSPs
- Caused additional requests to websites
- Crashes in some versions of Chrome
Most mentioned
- Doesn't detect CSP in meta tags
- No CSP detected on any webpage
- Caused additional requests to websites
- Crashes in some versions of Chrome
Recent reviews
Safety
Risk impact
CSP Evaluator is risky to use as it requires a number of sensitive permissions that can potentially harm your browser and steal your data. Exercise caution when installing this extension. Review carefully before installing. We recommend that you only install CSP Evaluator if you trust the publisher.
Risk likelihood
CSP Evaluator has earned a fairly good reputation and likely can be trusted.
Screenshots
Similar extensions
Here are some Chrome extensions that are similar to CSP Evaluator: