CSP Evaluator

CSP Evaluator is a tool that allows developers to check if a Content Security Policy (CSP) serves as mitigation against XSS attacks.

CSP Evaluator: XSS Attack Mitigation Tool

The 'CSP Evaluator' is a Chrome extension tailored for developers and security experts to evaluate if a Content Security Policy (CSP) serves as a robust protection against cross-site scripting (XSS) attacks. It automates the review of CSP policies, spreads awareness of CSP bypasses, and encourages developers to strengthen their CSP.

Extension stats

Users: 20,000+
Rating: 2.97 (29)
Version: 0.3.2 (Last updated: 2024-07-13)
Creation date: 2020-04-16
Risk impact: High risk impact
Risk likelihood:
Manifest version: 3
Permissions:
  • storage
  • webRequest
Host permissions:
  • <all_urls>
Size: 304.13K

Other platforms

Not available on Android
Not available on Firefox
Not available on Edge

Extension summary

CSP Evaluator is a small tool that allows developers and security experts to check if a Content Security Policy (CSP) serves as a strong mitigation against cross-site scripting attacks. Reviewing CSP policies is usually a very manual process and most developers are not aware of CSP bypasses. CSP Evaluator checks are based on a large-scale empirical study and are aimed to help developers to harden their CSP. This tool is provided only for the convenience of developers and Google provides no guarantees or warranties for this tool.

User reviews

These summaries are automatically generated weekly using AI based on recent user reviews. Chrome Web Store does not verify user reviews, so some user reviews may be inaccurate, spammy, or outdated.
Pros
  • Saved users time in setting up CSP correctly
  • Works in various browsers, including Edge
Cons
  • Frequently stops working or crashes, especially in Chrome and Brave
  • Does not detect meta CSPs, which is a significant limitation
  • Issues with detecting CSP on any webpage
Most mentioned
  • Stopped working or crashes
  • Does not detect meta CSP
  • No CSP detected on any webpage
User reviews
extension stopped working :(
by Evan Tirta, 2024-11-14

This extension stopped working for me in the past couple months in the Brave browser. I recently disabled, removed, and reinstalled and it's working again. For those who are having trouble with it working, give the reinstall a try.
by Kirk Solar, 2024-11-04

Was great until it stopped working for me. Please fix and I'll change my rating
by Josh Barber, 2024-09-13

Extension safety

Risk impact

CSP Evaluator requires some sensitive permissions that could impact your browser and data security. Exercise caution before installing.

Risk likelihood

CSP Evaluator is probably trustworthy. Prefer other publishers if available. Exercise caution when installing this extension.

Similar extensions

Here are some Chrome extensions that are similar to CSP Evaluator: