Best Content-Security-Policy tool to validate and check XSS, Clickjacking & Formjacking protection grade and to detect CSP bypasses.
CSP Scanner allows developers and security experts to easily inspect a site’s Content Security Policy (CSP) and understand wether it serves as a strong mitigation against client-side attacks like XSS, Clickjacking, Formjacking, Data Exfiltration and more.
The extension runs with the same logic as CSPscanner.com tool, and is built combining years of cumulative best practice with the Content-Security-Policy technology and how to most effectively block client-side attacks.
The tool may suggest a Grade / Score / Tips / Bypasses to a presented CSP. These are to be taken as help to developers only, and RapidSec provides no guarantees or warranties for this tool.
If you are looking to automate the deployment of Content-Security-Policy (CSP), along with other important security controls (SameSite, Security headers), you can use RapidSec.com .