Advanced CSP Evaluator

Analyze Content Security Policy headers for any domain. Get security grades, directive analysis, and vulnerability detection.

As of June 2026, Advanced CSP Evaluator has 12 users in the Productivity category.

Users (no change, 0%)
12
Rating (no change, 0%)
— reviews
Reviews (no change, 0%)
Version
1.0.0
Manifest V3

History

7 snapshots

Tracking since May 1, 2026.

Date         | Users | Rating | Reviews | Version
May 1, 2026  |       |        |         | 1.0.0
May 7, 2026  |       |        |         | 1.0.0
May 12, 2026 | 2     |        |         | 1.0.0
May 18, 2026 |       |        |         | 1.0.0
May 24, 2026 | 4     |        |         | 1.0.0
May 31, 2026 | 10    |        |         | 1.0.0
Jun 6, 2026  | 11    |        |         | 1.0.0
Now          | 12    |        |         | 1.0.0

Permissions & access

Permissions
activeTab, scripting, storage
Host access
<all_urls>

About

Advanced CSP Evaluator is a powerful security auditing tool that fetches and analyzes the Content-Security-Policy (CSP) headers of any public domain — giving you a clear security grade, a full directive breakdown, and a prioritized list of vulnerabilities in seconds.

Whether you're a security engineer hardening a production app, a developer shipping a new release, or a researcher auditing third-party sites, this extension turns raw CSP headers into actionable insight.

━━━ KEY FEATURES ━━━

🛡️ Security Grading
Receive an A–F grade and a 0–100 score based on CSP best practices, weighted by directive strength and risk exposure.

🔍 Directive Breakdown
See every CSP directive in use — default-src, script-src, style-src, frame-ancestors, and more — with plain-English explanations of what each one does and how it's configured.

🚨 Vulnerability Detection
Automatically flags common CSP weaknesses, including:
 • 'unsafe-inline' and 'unsafe-eval' usage
 • Wildcard sources (*) and overly permissive origins
 • Missing critical directives (object-src, base-uri, frame-ancestors)
 • Report-Only mode that isn't actually enforced
 • Insecure schemes (http:, data:, blob:) where they shouldn't appear

📊 Additional Security Headers
Beyond CSP, the extension surfaces the status of related headers like Strict-Transport-Security, X-Frame-Options, X-Content-Type-Options, Referrer-Policy, and Permissions-Policy.

📝 Raw Header View
Inspect the full, unmodified CSP header exactly as the server returned it — perfect for debugging or sharing with your team.

⚡ One-Click Analysis
Just enter a domain (or analyze the active tab) and get a complete report instantly. No accounts, no tracking, no data leaves your browser beyond the HTTP request to the target site.

━━━ WHO IT'S FOR ━━━

• Web developers verifying their CSP deployment
• Security engineers performing application audits
• Penetration testers and bug bounty hunters
• DevOps teams reviewing release readiness
• Educators teaching web security concepts

Technical

Version
1.0.0
Manifest
V3
Size
27.01KiB
Min Chrome
88
Languages
1
Featured
No

Metadata

ID
hjofgleodkgdlpgejebngjenmcbapcln
Developer ID
u1a0052e70668a2a097f9837675b27e9c
Developer Email
[email protected]
Created
Apr 30, 2026
Last Updated (Store)
Apr 30, 2026
Last Scraped
Jun 6, 2026
Website
toolcheckers.com

Data sourced from the Chrome Web Store · last verified Jun 6, 2026.