CSP Evaluator

CSP Evaluator allows developers and security experts to check whether a Content Security Policy (CSP) serves as a strong mitigation against cross-site scripting attacks. It assists with the process of reviewing CSP policies, which is usually a manual task, and helps identify subtle CSP bypasses that undermine the value of a policy. CSP Evaluator checks are based on a large-scale study and aim to help developers harden their CSP and improve the security of their applications. This tool (also available as a Chrome extension) is provided only for the convenience of developers, and Google provides no guarantees or warranties for this tool.

Content Security Policy

Select the CSP version your policy should be evaluated against:

CSP Version 3 (nonce based + backward compatibility checks)

CSP Version 3

CSP Version 2

CSP Version 1

E.g. CSP nonces are only supported in CSP v2; a browser only supporting CSP v1 will ignore them.
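Why the selected version matters, as an added example (not CSP Evaluator's own code): it models which `script-src` expressions a browser at each CSP level actually honours, using standard CSP behaviour in simplified form. The names `parsePolicy`, `effectiveScriptSrc` and the sample policy are assumptions made for illustration.

```javascript
// Added example: effective script-src as seen by browsers of each CSP level.
// SAMPLE_POLICY is constructed sample input, not taken from a real site.
const SAMPLE_POLICY =
  "script-src 'nonce-r4nd0m' 'strict-dynamic' 'unsafe-inline' https:; object-src 'none'";

// Split a serialized policy into { directive: [source expressions] }.
function parsePolicy(policy) {
  const directives = {};
  for (const part of policy.split(';')) {
    const [name, ...values] = part.trim().split(/\s+/);
    // If a directive is repeated, only its first occurrence is used.
    if (name && !(name.toLowerCase() in directives)) {
      directives[name.toLowerCase()] = values;
    }
  }
  return directives;
}

const lower = (s) => s.toLowerCase();
const isNonceOrHash = (s) => /^'(nonce-|sha(256|384|512)-)/i.test(s);
const isKeyword = (s) => /^'.*'$/.test(s);

// Return the script-src expressions a browser at `level` (1, 2 or 3) honours.
function effectiveScriptSrc(policy, level) {
  const d = parsePolicy(policy);
  let sources = d['script-src'] || d['default-src'] || [];
  // Older browsers drop source expressions they do not understand.
  if (level < 3) sources = sources.filter((s) => lower(s) !== "'strict-dynamic'");
  if (level < 2) sources = sources.filter((s) => !isNonceOrHash(s));
  // CSP2+: a nonce or hash makes the browser ignore 'unsafe-inline'.
  if (level >= 2 && sources.some(isNonceOrHash)) {
    sources = sources.filter((s) => lower(s) !== "'unsafe-inline'");
  }
  // CSP3: 'strict-dynamic' makes the browser ignore host and scheme
  // allowlists, 'self' and 'unsafe-inline'.
  if (level >= 3 && sources.map(lower).includes("'strict-dynamic'")) {
    const dropped = ["'self'", "'unsafe-inline'"];
    sources = sources.filter(
      (s) => isNonceOrHash(s) || (isKeyword(s) && !dropped.includes(lower(s))));
  }
  return sources;
}

for (const level of [1, 2, 3]) {
  console.log(`CSP${level}:`, effectiveScriptSrc(SAMPLE_POLICY, level).join(' '));
}
```

For the sample policy, a CSP v1 browser is left with `'unsafe-inline' https:`, which is the weak fallback a backward compatibility check is meant to surface.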