CSP Evaluator

CSP Evaluator is a tool that allows developers to check if a Content Security Policy (CSP) serves as mitigation against XSS attacks.

What is CSP Evaluator?

The 'CSP Evaluator' is a Chrome extension tailored for developers and security experts to evaluate if a Content Security Policy (CSP) serves as a robust protection against cross-site scripting (XSS) attacks. It automates the review process of CSP policies, spreading awareness about CSP bypasses, and encourages developers to strengthen their CSP.

Download

Extension stats

By: Lukas Weichselbaum

View on Chrome Web Store

Users: 20,000+

Rating: 2.97 (29) ▼ 0.07

Version: 0.3.2 (Last updated: 2024-07-13)

Creation date: 2020-04-16

Risk impact: High risk impact

Risk likelihood: Moderate risk likelihood

Manifest version: 3

Permissions:

storage
webRequest

Host permissions:

<all_urls>

Size: 304.13K

Email: lw*****@google.com

Ranking

# 6789 ▼ 16

Other rankings

#6612 in Developer Tools ▼ 29 #38 in policy keyword 8 ▲ 1 #239 in security keyword 35 ▲ 27

Other platforms

Not available on Firefox

Not available on Edge

Want to check extension ranking and stats more quickly for other Chrome extensions? Install Chrome-Stats extension to view Chrome-Stats data as you browse the Chrome Web Store.

Extension summary

Analyze keywords

CSP Evaluator is a small tool that allows developers and security experts to check if a Content Security Policy (CSP) serves as a strong mitigation against cross-site scripting attacks. Reviewing CSP policies is usually a very manual process and most developers are not aware of CSP bypasses. CSP Evaluator checks are based on a large-scale empirical study and are aimed to help developers to harden their CSP. This tool is provided only for the convenience of developers and Google provides no guarantees or warranties for this tool.

User reviews

These summaries are automatically generated weekly using AI based on recent user reviews. Chrome Web Store does not verify user reviews, so some user reviews may be inaccurate, spammy, or outdated.

Pros

Works in Edge
Saved users some headaches when configuring CSP

Cons

Doesn't detect meta CSP
Keeps crashing in Chrome 104
Doesn't detect CSP on any webpage
Causes duplicate requests in the browser

Most mentioned

Doesn't detect meta CSP
Keeps crashing in Chrome 104
Doesn't detect CSP on any webpage

User reviews

extension stopped working :(

Evan Tirta, 2024-11-14

This extension stopped working for me in the past couple months in the Brave browser. I recently disabled, removed, and reinstalled and it's working again. For those who are having trouble with it working, give the reinstall a try.