csp-evaluator.withgoogle.com
Open in
urlscan Pro
2a00:1450:4001:810::2011
Public Scan
URL:
https://csp-evaluator.withgoogle.com/
Submission: On June 24 via api from ZA — Scanned from DE
Submission: On June 24 via api from ZA — Scanned from DE
Form analysis 0 forms found in the DOM
Text Content
CSP EVALUATOR CSP Evaluator allows developers and security experts to check if a Content Security Policy (CSP) serves as a strong mitigation against cross-site scripting attacks. It assists with the process of reviewing CSP policies, which is usually a manual task, and helps identify subtle CSP bypasses which undermine the value of a policy. CSP Evaluator checks are based on a large-scale study and are aimed to help developers to harden their CSP and improve the security of their applications. This tool (also available as a Chrome extension) is provided only for the convenience of developers and Google provides no guarantees or warranties for this tool. CONTENT SECURITY POLICY Sample unsafe policy Sample safe policy Paste CSP or URL (starting with http:// or https://) here. XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX CSP Version 3 (nonce based + backward compatibility checks) CSP Version 3 CSP Version 2 CSP Version 1 help Select the CSP version your policy should be evaluated against. E.g. CSP Nonces are only supported in CSP v2, a browser only supporting CSP v1 will ignore them. Check CSP * Privacy Policy * Terms of Service