CSP Evaluator
Item media 2 screenshot
Item media 1 screenshot
Item media 2 screenshot
Item media 1 screenshot
Item media 1 screenshot
Item media 2 screenshot


CSP Evaluator is a tool that allows developers to check if a Content Security Policy (CSP) serves as mitigation against XSS attacks.

CSP Evaluator is a small tool that allows developers and security experts to check if a Content Security Policy (CSP) serves as a strong mitigation against cross-site scripting attacks. Reviewing CSP policies is usually a very manual process and most developers are not aware of CSP bypasses. CSP Evaluator checks are based on a large-scale empirical study and are aimed to help developers to harden their CSP. This tool is provided only for the convenience of developers and Google provides no guarantees or warranties for this tool.

3.1 out of 525 ratings

Google doesn't verify reviews. Learn more about results and reviews.

Review's profile picture

Barbara RenowdenMar 21, 2024

I have a CSP but this doesn't detect it. So disappointed.

Review's profile picture

Helio BentesApr 17, 2023

It doesn't detect meta CSP and it doesn't say anything about it on the description

4 out of 4 found this helpful
Review's profile picture

Serghei IakovlevApr 17, 2023

For some unknown reason, when the extension was enabled, my browser sent additional requests to the sites. As a result, I lost a lot of hours debugging my site and trying to find the cause of the duplicate requests. As soon as I turned off the extension, the problem disappeared.


  • Version
  • Updated
    November 19, 2020
  • Offered by
    Lukas Weichselbaum
  • Size
  • Languages
  • Developer
  • Non-trader
    This developer has not identified itself as a trader. For consumers in the European Union, please note that consumer rights do not apply to contracts between you and this developer.


The developer has disclosed that it will not collect or use your data.

This developer declares that your data is

  • Not being sold to third parties, outside of the approved use cases
  • Not being used or transferred for purposes that are unrelated to the item's core functionality
  • Not being used or transferred to determine creditworthiness or for lending purposes


For help with questions, suggestions, or problems, visit the developer's support site

Google apps