cSPY - SecurityHeader Scanner

Name: cSPY - SecurityHeader Scanner
Rating: 5 (1 reviews)
Author: VaultOcean

Advanced security header scanner with CSP analysis, multi-engine scoring, actionable recommendations, and PDF report export. Zero external requests — all analysis runs locally.

Download

Install

Features & Capabilities

CSPy is a professional-grade browser extension that audits HTTP security headers in real time. Built for developers, penetration testers, and security researchers.

WHAT IT DOES • Scans every HTTP response header on any website • Deep Content-Security-Policy (CSP) directive-by-directive analysis • Detects missing, weak, or misconfigured headers (HSTS, X-Frame-Options, CORS, Referrer-Policy, Permissions-Policy, COOP, COEP, CORP, cookies) • Grades security posture from A+ to F with a 0–100 score

MULTI-ENGINE CONSENSUS • Three independent scoring engines: CSPy, Google CSP Evaluator, and Mozilla Observatory • Cross-validates results — when engines agree, confidence is high

ACTIONABLE RECOMMENDATIONS • Every finding includes a plain-English fix • Copy-paste server configurations for nginx, Apache, Express, Django, Cloudflare Workers, and Vercel • Prioritised by severity — fix what matters first

EXPORT & REPORTING • Professional PDF report with cover page, executive summary, recommendations, and raw headers • HTML, JSON, and Markdown (bug bounty) export formats • Ready for stakeholder presentations or HackerOne/Bugcrowd submissions

ADDITIONAL TOOLS • Auto-generate a working CSP from observed network traffic • Infrastructure fingerprinting (CDN, WAF, hosting, framework detection) • DOM audit (missing SRI, mixed content, unsafe iframes) • Per-request security grading for all sub-resources

PRIVACY • Zero external network requests — all analysis runs entirely in your browser • No data collection, no telemetry, no accounts • Open-source analysis engine

Built by VaultOcean — https://vaultocean.com

User Growth & Download Statistics

Add-on

By:

Daily users:

Rating:

Version:

2.0.0 Last updated: 2026-06-05

Version code:

6293993

Creation date:

2025-06-25

Risk:

Permissions:

Host permissions:

<all_urls>

Content scripts matches:

<all_urls>

Size:

135.47KB

Email:

va*****@gmail.com

URLs:

Full description:

Source:

Firefox Add-ons Store

Data ingested on:

2026-06-19

Compare stats and ranking:

Ranking

# 17,402 ▼ 992

Other rankings

#21 in ad spy keyword 23 ▼ 1

#35 in security keyword 84 ▼ 1

#55 in header keyword 37 ▼ 7

#74 in analysis keyword 19 ▼ 2

#90 in scan keyword 22 ▼ 1

Upgrade to see more rankings

For Developers

Monetize with App Pass Boost with Extension Booster

Contact the developer

Chrome-Stats does not own this Firefox add-on. Please use these information below to contact the Firefox add-on developer.

Developed by:

VaultOcean

Firefox Add-ons Store

https://addons.mozilla.org/firefox/addon/cspy/

Email:

va*****@gmail.com

Permission Change History

2026-06-06: Version 1.0 → 2.0.0

Add Host permissions: <all_urls>

Add Permissions: cookies scripting downloads

Remove Permissions: activeTab webRequestBlocking <all_urls>

Is cSPY - SecurityHeader Scanner Safe?

Risk impact

Risk impact measures the level of extra permissions an extension has access to. A low risk impact extension cannot do much harms, whereas a high risk impact extension can do a lot of damage like stealing your password, bypassing your security settings, and accessing your personal data. High risk impact extensions are not necessarily malicious. However, if they do turn malicious, they can be very harmful.

cSPY - SecurityHeader Scanner requires some sensitive permissions that could impact your browser and data security. Exercise caution before installing.

Risk impact analysis details

Critical Grants access to browser tabs, which can be used to track user browsing habits and history, presenting a privacy concern.
Critical ****** ****** ** *** ********* ****** * *********** ******** **** ** ** *** ******* *** ****** **** **** *** ******* *****
High ****** *** ********* ** ******* *** ******* ******* ** ****** *** *** ******** ******
High ******* ******* **** *** ****** ***** *** ***** ** ******* **** ********* ********* ** * *********** *****
Medium ******* ******* ************* ***** *** ** ******* *** **** ******* ****** ******** *******
Medium ****** ********** ** ******** ********** *** ********* ******* ******** ****** ******** ****** ********

Risk likelihood

Risk likelihood measures the probability that a Firefox add-on may turn malicious. This is determined by the publisher and the Firefox add-on reputation on Firefox Add-ons Store, the amount of time the Firefox add-on has been around, and other signals about the Firefox add-on. Our algorithms are not perfect, and are subject to change as we discover new ways to detect malicious extensions. We recommend that you always exercise caution when installing a Firefox add-on.

cSPY - SecurityHeader Scanner is probably trust-worthy. Prefer other publishers if available. Exercise caution when installing this add-on.

Risk likelihood analysis details

High This extension was recently updated in the past month. New updates may not be stable or safe.
High **** ********* *** *** **** ****** ********* ********** *** *** ** ****** ** *****
Low **** ********* *** ***** **** **** * ****** **** ***** ********** *** **** ****** ** ** ****** *** *****
Good **** ********* *** **** **** *******