┌──(root㉿IHA089)-[/Toolkit/Security Headers & Config Testing/Content Security Policy Validators]
└─#
csp-analyzer
CSP Analyzer csp-analyzer is a Python tool that dissects the Content-Security-Policy header of a URL and color-codes each directive by severity, so that 'unsafe-eval' and wildcard sources stand out at a glance. It fetches headers with the requests library, parses the policy with its own engine, and prints a visual breakdown for quick audits. Open-source from gwen001, it is the CSP colorist for pentesters grading policy palettes against best practice.
Explore →

cspparse
CSPParse cspparse evaluates CSP headers through Google's CSP Evaluator API and emits the results as ReconJSON, flagging directives such as script-src that are missing, overly broad, or bypassable. Point the CLI at a URL and feed the JSON into other scanners for automated policy reviews. Open-source from lc, it is the CSP clarifier for analysts templating header validations into recon workflows.
Explore →

securityheaders
SecurityHeaders securityheaders scans a site for CSP and the other security headers, checking nonce usage and source lists against OWASP baselines and reporting each misconfiguration in detail. Run the Python script against a domain for a JSON summary, or script it for batch compliance checks. Open-source from koenbuyens, it is the header harmonizer for web security pros enforcing CSP standards systematically.
Explore →

Security-Headers-Validator
Security Headers Validator Security-Headers-Validator detects missing or deprecated CSP directives and scores a policy for risks such as inline scripts in automated header audits. Configure custom rules through its Python CLI; it outputs warnings ready for remediation. Open-source from balpars, it is the policy proofreader for devs templating secure CSP configs in CI pipelines.
Explore →

security-headers-tool
Security Headers Tool security-headers-tool checks a CSP for approved sources and explains each directive, flagging unsafe defaults in a simple Python scanner for quick site reviews. Run it on a URL for console output annotated with why each finding matters, and extend it with custom validations. Open-source from Cipherkrish69x, it is the CSP commentator for beginners auditing headers with guided insights.
Explore →

burp-security-headers-checker
Burp Security Headers Checker burp-security-headers-checker is a Burp extension that passively scans proxied responses for CSP issues such as a missing report-uri and raises inline alerts on weak policies. Install it via the BApp Store and review findings in the scanner tab for fixes. Open-source from jpiechowka, it is the proxy policy proctor for pentesters validating CSP in live traffic.
Explore →

csp-validator
CSP Validator csp-validator is a Node.js CLI that parses and scores CSP headers against Mozilla's baselines, detecting nonce mismatches and 'unsafe-inline' risks and suggesting fixes. Point it at endpoints for JSON reports and wire it into test suites for automated checks. Community-maintained and open-source, it is the directive detective for security teams templating CSP compliance audits.
Explore →

csp-enforcer
CSP Enforcer csp-enforcer is a Go tool for runtime CSP validation: it simulates browser enforcement of a header's policy to show which resources would be blocked and why. Run the CLI against a site to simulate the page load and log each infraction for tuning. Open-source from PortSwigger, it is the enforcer emulator for devs debugging CSP impact before deployment.
Explore →

report-uri-csp-evaluator
Report-URI CSP Evaluator report-uri-csp-evaluator is an open fork of Google's CSP Evaluator that scores a policy for XSS mitigation, with a per-directive breakdown suited to report-only testing. Paste a header into its JavaScript engine for an instant grade and export the result for documentation. Open-source from report-uri, it is the evaluator educator for analysts grading CSP effectiveness against real threats.
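What the parsers and scorers on this page actually do, and what csp-enforcer simulates, in one worked Python example. This is an added example written for this page, not code from csp-analyzer, csp-validator, csp-enforcer, report-uri-csp-evaluator or any other tool listed here: parse_csp splits a header the way browsers do (the first occurrence of a directive wins), lint_csp flags 'unsafe-inline' without a nonce, 'unsafe-eval', wildcard and subdomain sources, missing base-uri/object-src and the deprecated report-uri, and allows simulates the per-resource decision, including default-src fallback, nonce matching and the way 'strict-dynamic' switches host sources off. The sample policies, the page origin https://app.example and the severity labels are constructed assumptions, and host matching ignores port and path.

```python
"""Parse, lint and simulate enforcement of a Content-Security-Policy header.

Added worked example for this page: not code from csp-analyzer, csp-validator,
csp-enforcer, report-uri-csp-evaluator or any other tool listed here.  The sample
policies under __main__, the page origin and the severity labels are constructed.
"""
from urllib.parse import urlsplit

# Deprecated or removed directives worth calling out (CSP Level 3).
DEPRECATED = {
    "report-uri": "deprecated in favour of report-to, though browsers still honour it",
    "block-all-mixed-content": "deprecated; browsers now auto-upgrade mixed content",
    "plugin-types": "removed from the spec; use object-src 'none' instead",
    "referrer": "removed; use the Referrer-Policy header",
}
# Fetch directives that fall back to default-src when absent; frame-ancestors,
# base-uri, form-action and sandbox do not.
FETCH_FALLBACK = {"script-src", "style-src", "img-src", "connect-src", "font-src",
                  "media-src", "frame-src", "object-src", "worker-src", "manifest-src"}
NONCE_OR_HASH = ("'nonce-", "'sha256-", "'sha384-", "'sha512-")
WILDCARDS = {"*", "http:", "https:", "data:"}


def parse_csp(header: str) -> dict[str, list[str]]:
    """Split a header into {directive: [sources]}; directives are ';'-separated.
    Browsers ignore a repeated directive name, so the first occurrence wins here too."""
    policy: dict[str, list[str]] = {}
    for part in header.split(";"):
        tokens = part.split()
        if tokens:
            policy.setdefault(tokens[0].lower(), tokens[1:])
    return policy


def lint_csp(policy: dict[str, list[str]]) -> list[tuple[str, str, str]]:
    """Return (severity, directive, message) findings; severity is high, medium or info."""
    findings = []
    for name, why in DEPRECATED.items():
        if name in policy:
            findings.append(("info", name, why))
    if "script-src" not in policy and "default-src" not in policy:
        findings.append(("high", "script-src", "no script-src or default-src: scripts load from anywhere"))
    if "object-src" not in policy and "default-src" not in policy:
        findings.append(("medium", "object-src", "object-src missing: plugin content can run script"))
    if "base-uri" not in policy:
        findings.append(("medium", "base-uri", "base-uri missing: an injected <base> redirects relative script URLs"))
    for directive in ("script-src", "default-src"):
        if directive not in policy:
            continue
        lowered = [s.lower() for s in policy[directive]]
        if "'unsafe-inline'" in lowered and not any(s.startswith(NONCE_OR_HASH) for s in lowered):
            findings.append(("high", directive, "'unsafe-inline' without nonce/hash: inline script (XSS) is allowed"))
        if "'unsafe-eval'" in lowered:
            findings.append(("high", directive, "'unsafe-eval' permits eval() and new Function()"))
        if "'strict-dynamic'" in lowered:
            continue  # host and scheme sources are ignored when 'strict-dynamic' is present
        for s in lowered:
            host = s.split("://", 1)[-1]
            if s in WILDCARDS:
                findings.append(("high", directive, f"{s} allows script from any host"))
            elif host.startswith("*."):
                findings.append(("medium", directive, f"{s}: any subdomain can host script"))
    return findings


def _host_matches(source: str, target) -> bool:
    """Match a host-source such as https://*.cdn.example:443/js against a split URL.
    Simplification (this example's own): port and path are ignored, and a source
    without a scheme accepts both http and https."""
    scheme, sep, rest = source.partition("://")
    if sep and scheme != target.scheme:
        return False
    host = (rest if sep else source).split("/", 1)[0].split(":", 1)[0]
    if host.startswith("*."):
        return (target.hostname or "").endswith(host[1:])
    return target.hostname == host


def allows(policy, directive, url=None, nonce=None, inline=False,
           page_origin="https://app.example") -> bool:
    """Simulate the per-resource decision a browser makes under one directive."""
    sources = policy.get(directive)
    if sources is None and directive in FETCH_FALLBACK:
        sources = policy.get("default-src")
    if sources is None:
        return True  # no governing directive: nothing restricts this resource
    keywords = {s.lower() for s in sources if s.startswith("'")}
    if nonce and f"'nonce-{nonce}'" in sources:  # nonces are case-sensitive: compare raw
        return True
    if inline:  # 'unsafe-inline' is switched off once any nonce or hash is present
        return "'unsafe-inline'" in keywords and not any(k.startswith(NONCE_OR_HASH) for k in keywords)
    if "'strict-dynamic'" in keywords:
        return False  # only nonced/hashed scripts (and scripts they create) may load
    if url is None:
        raise ValueError("url is required for a non-inline resource")
    target = urlsplit(url)
    for src in sources:
        s = src.lower()
        if s == "*":
            return True
        if "://" not in s and s.endswith(":"):  # scheme-source, e.g. https:
            if s[:-1] == target.scheme or (s == "http:" and target.scheme == "https"):
                return True
        elif s == "'self'":
            if f"{target.scheme}://{target.netloc}" == page_origin.lower():
                return True
        elif not s.startswith("'") and _host_matches(s, target):
            return True
    return False


if __name__ == "__main__":  # constructed policies: one weak, one strict
    weak = parse_csp("default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' "
                     "https://*.cdn.example *; report-uri /csp")
    for sev, directive, msg in lint_csp(weak):
        print(f"[{sev:6}] {directive}: {msg}")
    strict = parse_csp("default-src 'none'; script-src 'nonce-r4nd0m' 'strict-dynamic' https: "
                       "'unsafe-inline'; object-src 'none'; base-uri 'none'; report-to csp")
    print("strict findings:", lint_csp(strict))
    print("evil.example script under strict:", allows(strict, "script-src", url="https://evil.example/x.js"))
```

Note how the strict policy lints clean even though it lists 'unsafe-inline' and https: in script-src: both are fallbacks for browsers without nonce or 'strict-dynamic' support, and a conforming browser ignores them once a nonce is present. A checker that does not model that rule grades a best-practice policy as broken, which is exactly the false positive to watch for when comparing the tools above.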
Explore →

csp-analyzer-tool