#3.12 / 25 rate

CSP Evaluator

20,000 users

2020-04-16

Lukas Weichselbaum

[email protected]...

Extension Information

5 star

24%

4 star

18%

3 star

2 star

1 star

58%

Supported Languages

Permissions

Hot Permissions

Description

CSP Evaluator is a tool that allows developers to check if a Content Security Policy (CSP) serves as mitigation against XSS attacks.

CSP Evaluator is a small tool that allows developers and security experts to check if a Content Security Policy (CSP) serves as a strong mitigation against cross-site scripting attacks. Reviewing CSP policies is usually a very manual process and most developers are not aware of CSP bypasses.
CSP Evaluator checks are based on a large-scale empirical study and are aimed to help developers to harden their CSP. This tool is provided only for the convenience of developers and Google provides no guarantees or warranties for this tool.

Reviews

Barbara Renowden

I have a CSP but this doesn't detect it. So disappointed.

Helio Bentes

It doesn't detect meta CSP and it doesn't say anything about it on the description

Serghei Iakovlev

For some unknown reason, when the extension was enabled, my browser sent additional requests to the sites. As a result, I lost a lot of hours debugging my site and trying to find the cause of the duplicate requests. As soon as I turned off the extension, the problem disappeared.