When generating a Content-Security-Policy (CSP) without prior experience, it’s very easy and common to make mistakes that may break the site.
CSP Scanner helps you inspect and evaluate a site’s Content Security Policy (CSP), and understand whether it serves as a strong mitigation against client-side attacks like XSS, Clickjacking, Formjacking, Magecart and more.
The CSPscanner.com tool is based on a best-practice-enforced mindset, developed after years of experience with the Content-Security-Policy (CSP) technology and how to use it to block client-side attacks most effectively.
Be sure to also use the CSP Scanner Chrome Extension in order to easily evaluate any site (even one that requires login).
If you are looking to automatically generate a strong Content-Security-Policy for your webapp/website, and get a free report-uri, we recommend using RapidSec.com.