Policy Evaluator (Free)

Evaluate your website's Content Security Policy for security misconfigurations and get recommendations.

What is Evaluator?

Evaluator is a free online tool for scanning and analyzing the content security policy of any website. It looks for security misconfigurations and gives recommendations.

Evaluator makes an HTTP request to the specified webserver and grabs any policies in the Content-Security-Policy or Content-Security-Policy-Report-Only headers or meta tag.

The policy is then parsed and recommendations are generated.

What does it look for?

Evaluator currently supports 30+ unique tests including:

  • Unknown CSP Directives
  • Unknown CSP Source Expressions
  • Usage of unsafe keywords
  • Missing quotes on keyword
  • Invalid use of IP address
  • Missing Best Practices
  • Duplicate Entries
  • Parsing Issues
  • Unrestrictive source on high impact directives
  • Missing high impact directives
  • Short nonces
  • And more
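
A minimal sketch of how several of the checks listed above can be run over a parsed policy. This is an added example, not Evaluator's own code; the function names, the trimmed directive list, and the nonce length threshold are assumptions.

```python
import re

# Subset of CSP Level 3 directives and keywords, trimmed for brevity (assumption).
DIRECTIVES = {"default-src", "script-src", "style-src", "img-src", "connect-src",
              "font-src", "frame-src", "object-src", "base-uri", "form-action",
              "frame-ancestors", "report-uri", "report-to", "worker-src"}
KEYWORDS = {"self", "none", "unsafe-inline", "unsafe-eval", "strict-dynamic",
            "unsafe-hashes", "report-sample", "wasm-unsafe-eval"}
HIGH_IMPACT = ("script-src", "object-src", "base-uri")
MIN_NONCE_CHARS = 22  # assumption: about 128 bits of base64, not the tool's threshold
# Constructed sample policy, not taken from any real site.
SAMPLE = ("script-src self 'unsafe-inline' 'nonce-abc123'; scrpt-src *; "
          "img-src 10.0.0.5; script-src 'none'")

def parse(policy):
    """Split a policy into (directive, [sources]) pairs, keeping duplicates."""
    out = []
    for part in policy.split(";"):
        tokens = part.split()
        if tokens:
            out.append((tokens[0].lower(), tokens[1:]))
    return out

def lint(policy):
    """Return a list of (finding, detail) tuples for one policy string."""
    findings, seen = [], set()
    for name, sources in parse(policy):
        if name not in DIRECTIVES:
            findings.append(("unknown-directive", name))
        if name in seen:
            findings.append(("duplicate-directive", name))  # browsers ignore repeats
        seen.add(name)
        for src in sources:
            bare = src.strip("'").lower()
            if src.lower() in KEYWORDS:
                findings.append(("missing-quotes", src))  # parsed as a hostname
            elif bare in ("unsafe-inline", "unsafe-eval"):
                findings.append(("unsafe-keyword", f"{name} {src}"))
            elif src == "*" and name in HIGH_IMPACT + ("default-src",):
                findings.append(("unrestrictive-source", name))
            elif re.fullmatch(r"(https?://)?\d{1,3}(\.\d{1,3}){3}(:\d+)?(/.*)?", src):
                findings.append(("ip-address-source", src))
            elif bare.startswith("nonce-") and len(bare) - 6 < MIN_NONCE_CHARS:
                findings.append(("short-nonce", src))
    for name in HIGH_IMPACT:
        # base-uri does not fall back to default-src; the fetch directives do.
        falls_back = name != "base-uri" and "default-src" in seen
        if name not in seen and not falls_back:
            findings.append(("missing-directive", name))
    return findings
```

Calling `lint(SAMPLE)` reports the unquoted `self`, the unsafe keyword, the short nonce, the misspelled directive, the IP source, the repeated `script-src`, and the missing `object-src` and `base-uri`.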