https://github.com/yandex/csp-tester
This extension helps web masters to test web application behaviour with Content Security Policy (CSP) ver. 1.0 implemented.
https://github.com/yandex/csp-tester
Last synced: 3 days ago
JSON representation
This extension helps web masters to test web application behaviour with Content Security Policy (CSP) ver. 1.0 implemented.
- Host: GitHub
- URL: https://github.com/yandex/csp-tester
- Owner: yandex
- License: gpl-2.0
- Created: 2013-07-13T21:10:13.000Z (almost 12 years ago)
- Default Branch: master
- Last Pushed: 2018-09-02T19:21:36.000Z (over 6 years ago)
- Last Synced: 2025-03-25T23:51:21.327Z (20 days ago)
- Language: JavaScript
- Homepage:
- Size: 35.2 KB
- Stars: 56
- Watchers: 12
- Forks: 7
- Open Issues: 3
-
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
- awesome-frontend-security - CSP Tester - Browser extension for testing Content Security Policy (CSP). (Headers / Content-Security-Policy)
README
# CSP Tester
This extension helps web masters to test web application functionality
with [Content Security Policy (CSP)](https://www.w3.org/TR/CSP2/) version 2.0 implemented.
You can install CSP Tester from [Chrome Web Store](https://chrome.google.com/webstore/detail/csp-tester/ehmipebdmhlmikaopdfoinmcjhhfadlf)
Typical workflow looks like:
1. Open the extension window
2. Add into the URL Pattern a regular expression for the site that you want to test, for example `*://yoursite.com/*` (CSP Tester uses [Chrome Match Patterns](https://developer.chrome.com/extensions/match_patterns))
3. Tick the e.g. "self" checkbox, check "Active" and Save the changes
4. Open the Developer Tools and navigate to the tested site
5. Confirm a number of CSP violations reported in the Developer Tools Console as well as possible visual changes
6. Make changes in the policy based on these reports
To analyze CSP logs you can use [CSP Reporter](https://oxdef.info/csp-reporter)