csp-evaluator
CSP Evaluator csp-evaluator is the open-source JS tool for parsing and scoring CSP headers, simulating browser enforcement to flag violations like unsafe-inline or missing report-to in policy audits. Paste headers into its engine for instant grades with directive breakdowns, exporting for docs. From report-uri, it's the policy proofreader for pentesters grading CSP effectiveness against threats.
csp-analyzer
CSP Analyzer csp-analyzer is the Python debugger that dissects CSP directives from headers, color-coding risks like wildcard sources for quick misconfig spotting in web reviews. Fetch via requests and parse with its lib, outputting visualized reports for remediation. Open-source from gwen001, it's the CSP colorist for auditors templating header validations.
cspparse
CSPParse cspparse leverages Google's API to evaluate CSP policies, validating sources and reporting gaps like deprecated frame-ancestors in automated audits. Query URLs via CLI for ReconJSON outputs, integrating with scanners for hybrid checks. Open-source from lc, it's the CSP clarifier for analysts templating policy validations into recon.
securityheaders
SecurityHeaders securityheaders includes CSP validation in its header scanner, checking nonce usage and source lists against OWASP baselines with detailed compliance breakdowns. Run the Python script on domains for JSON summaries, scripting batch checks. Open-source from koenbuyens, it's the header harmonizer for web pros enforcing CSP standards.
csp-validator
CSP Validator csp-validator is the Node.js CLI for parsing and scoring CSP headers against Mozilla baselines, detecting unsafe defaults with fix suggestions. Point it at endpoints for JSON reports, integrating into tests. Open-source from community, it's the directive detective for teams templating CSP compliance audits.
burp-csp-extension
Burp CSP Extension burp-csp-extension is the Burp Suite plugin for CSP analysis, passively scanning headers during proxy sessions to flag weak policies or violations inline. Install via BApp Store, review alerts for custom rules. Open-source from jpiechowka, it's the proxy policy proctor for pentesters validating CSP in traffic.
csp-enforcer
CSP Enforcer csp-enforcer is the Go tool for runtime CSP validation, simulating browser enforcement to test policy impacts like blocked resources in header configs. Run via CLI on sites for simulated loads, logging infractions. Open-source from PortSwigger, it's the enforcer emulator for devs debugging CSP pre-deploy.
csp-analyzer-tool
CSP Analyzer Tool csp-analyzer-tool is the extensible Python framework for dissecting CSP headers, validating sources with custom regex for nonce checks in detailed audits. Scan batches via CLI, integrating with ZAP for hybrid scans. Open-source from security-research, it's the source scrutinizer for pentesters templating CSP dissections.
report-uri-csp-evaluator
Report-URI CSP Evaluator report-uri-csp-evaluator is the JS evaluator for CSP scoring with XSS mitigations, directive breakdowns for report-only testing in policy tweaks. Paste into its engine for grades, exporting for docs. Open-source from report-uri, it's the evaluator educator for analysts grading CSP against threats.
csp-inline-evaluator

