Content-Security-Policy Scanner

Scan your CSP and assess your security posture, compliance and adherence to industry best practices.

Scan Your Website

Enter your website URL to analyze its Content Security Policy configuration.

Get started now by providing your website URL and launch the scan!

Your website is not yet online?
Try our CSP Evaluator

Get started with three simple steps

Our CSP Scanner helps you identify vulnerabilities and improve your website's security with a straightforward approach.

1

Enter Your Website URL or your policy

Enter your website URL and we'll fetch and analyze its security headers, or paste a policy directly and we'll analyze it without fetching anything.

2

Review Your Results

Get a comprehensive analysis of your CSP implementation with detailed scores and vulnerability reports.

3

Correct your configuration

Follow our actionable recommendations to strengthen your Content Security Policy and improve your security posture.

Guided CSP Improvement

Get clear, actionable steps to enhance your Content Security Policy

Prioritized Actions

Our scanner analyzes your CSP configuration and provides a prioritized list of improvements, starting with the most critical security enhancements.

Clear Instructions

Each action comes with detailed explanations and step-by-step guidance to help you implement the changes correctly.

Progress Tracking

Track your progress as you implement each improvement, with visual indicators showing pending actions.

Best Practices

Follow industry best practices with our recommendations based on the latest CSP standards and security guidelines.

After scanning your website, we analyze your CSP configuration and generate a personalized list of improvements. Each action is prioritized based on security impact and implementation complexity, helping you strengthen your security posture step by step.

How it works?

Our scanner analyzes your website's headers and content to identify all implemented CSP directives and security headers.

  • 1

    Enter Your Website

    Enter your website URL and our scanner will automatically fetch and analyze your site's security configuration.

  • 2

    Analyze Security Headers

    Our scanner parses the Content-Security-Policy and related security headers it finds, identifying every directive and source expression in use.

  • 3

    Identify Vulnerabilities

    It then flags potential security vulnerabilities, including JSONP endpoints on allowlisted origins, unsafe directives, and misconfigured headers.

  • 4

    Review Detailed Report

    Get a comprehensive report with security scores, compliance ratings, best practice evaluations, and clear, prioritized recommendations to fix each finding.

Content-Security-Policy: font-src https://fonts.gstatic.com https://geolocation.onetrust.com 'self'; default-src 'self'

Overall Score

Combined assessment of security, compliance, and best practices

Moderate Implementation

Next Actions

Set the directive frame-ancestors to 'none'
Set the directive base-uri to 'self'
Add a Content-Security-Policy header to enforce the CSP (a Content-Security-Policy-Report-Only header alone only reports violations, it does not block them).
Ensure the reporting endpoint URL in the Reporting-Endpoints header is properly quoted with double quotes (e.g., endpoint-name="https://example.com").

Security

Multiple security vulnerabilities found in CSP configuration.

Compliance

Several compliance gaps found in CSP implementation.

Best Practices

Good practices overall but some optimizations possible.

Scoring

Our comprehensive scoring system evaluates your website's security posture across multiple dimensions.

  • 1

    Security Score

    Evaluates your protection against CSP bypasses and common vulnerabilities, identifying potential security gaps in your defenses.

  • 2

    Compliance Score

    Measures alignment with PCI DSS v4.0 requirements and other industry standards to ensure your CSP meets regulatory obligations.

  • 3

    Best Practice Score

    Assesses adherence to current CSP best practices, combining security expertise and implementation recommendations for optimal protection.

Detailed Findings Analysis

Our scanner provides comprehensive analysis of security misconfigurations with actionable recommendations.

  • 1

    Vulnerability Identification

    Precisely identifies CSP misconfigurations and vulnerabilities with severity ratings to help you prioritize remediation efforts.

  • 2

    Impact Assessment

    Explains the potential security impact of each finding, helping you understand the real-world risks to your application and users.

  • 3

    Actionable Recommendations

    Provides specific, implementable fixes for each vulnerability with code examples to strengthen your Content Security Policy.

Critical (Security)

Recommendation

Remove www.google-analytics.com from script-src, or replace it with a more restrictive source expression (for example, only the exact script path your site actually loads) so that the JSONP endpoint no longer matches the policy. Note that browsers drop path restrictions when the allowed URL redirects, so a path-limited source is a weaker control than removing the host.

Impact

An attacker who can inject HTML into the page could use the script below to bypass the Content-Security-Policy header: the endpoint lives on an allowlisted origin and reflects the callback parameter into its JavaScript response, so the browser executes the attacker-chosen callback as trusted script.

Bypass

Example of a CSP bypass using a JSONP endpoint on www.google-analytics.com (here the callback parameter is set to alert):

<script src="https://www.google-analytics.com/debug/api/vtinfo?gtm_auth=a-0uanYFkML7e3v7Vmxpwg&env_id=env-8&public_id=GTM-TWMCBFD&templates=&callback=alert"></script>
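The checks described in the "How it works" steps, the Next Actions list and the Critical finding above, as an added JavaScript example that is not the scanner's own code: a minimal linter that parses a Content-Security-Policy header, honours the default-src fallback rules, and reports the missing frame-ancestors and base-uri directives, an unenforced Report-Only policy, unsafe script sources, and a JSONP-hosting origin allowlisted in script-src. The two policy strings are constructed samples (the first mirrors the policy shown above plus the www.google-analytics.com script source from the finding), JSONP_HOSTS is an assumed allow-list of origins known to expose JSONP callbacks, and the analytics.js path in the hardened policy is an assumption about which script the site loads.

```javascript
// Added example, not the scanner's own code: a minimal Content-Security-Policy
// linter reproducing the kinds of findings shown on this page. The policies
// below are constructed samples; JSONP_HOSTS is an assumed list of origins
// known to expose JSONP callbacks (the page's example is www.google-analytics.com).

const JSONP_HOSTS = new Set(["www.google-analytics.com"]);

// Directives that do NOT fall back to default-src when they are absent.
const NO_FALLBACK = new Set(["frame-ancestors", "base-uri", "form-action", "sandbox",
  "report-uri", "report-to", "upgrade-insecure-requests"]);

// Parse "name v1 v2; name2 v3" into a Map of directive -> source list.
// Per the spec, a directive repeated later in the same policy is ignored.
function parseCsp(header) {
  const directives = new Map();
  for (const part of header.split(";")) {
    const tokens = part.trim().split(/\s+/).filter(Boolean);
    if (tokens.length === 0) continue;
    const name = tokens[0].toLowerCase();
    if (!directives.has(name)) directives.set(name, tokens.slice(1));
  }
  return directives;
}

// Sources governing a fetch directive, honouring the default-src fallback.
function effectiveSources(directives, name) {
  if (directives.has(name)) return directives.get(name);
  if (NO_FALLBACK.has(name)) return null;
  return directives.get("default-src") ?? null;
}

// Split a host-source such as https://cdn.example.com:443/lib/ into { host, path }.
// Keyword sources ('self', 'nonce-...') and scheme sources (https:) return null.
function hostSource(source) {
  if (source.startsWith("'") || /^[a-z][a-z0-9+.-]*:$/i.test(source)) return null;
  const rest = source.replace(/^[a-z][a-z0-9+.-]*:\/\//i, "");
  const slash = rest.indexOf("/");
  const hostPort = slash === -1 ? rest : rest.slice(0, slash);
  const path = slash === -1 ? "" : rest.slice(slash);
  return { host: hostPort.split(":")[0].toLowerCase(), path };
}

function lintPolicy(header) {
  const d = parseCsp(header);
  const findings = [];
  const add = (severity, directive, message) => findings.push({ severity, directive, message });

  // Neither directive inherits from default-src, so omitting them leaves the gap open.
  if (!d.has("frame-ancestors")) add("medium", "frame-ancestors",
    "Set frame-ancestors to 'none' (or the origins allowed to frame the page) to block clickjacking.");
  if (!d.has("base-uri")) add("medium", "base-uri",
    "Set base-uri to 'self' so an injected <base> tag cannot redirect relative script URLs.");

  const script = effectiveSources(d, "script-src");
  if (script === null) {
    add("critical", "script-src", "Neither script-src nor default-src is set; scripts may load from anywhere.");
    return findings;
  }
  // Browsers ignore 'unsafe-inline' when a nonce or hash is present, so only flag it when it is effective.
  const hasNonceOrHash = script.some((s) => /^'(nonce-|sha(256|384|512)-)/.test(s));
  for (const src of script) {
    if (src === "'unsafe-inline'" && !hasNonceOrHash) add("high", "script-src", "'unsafe-inline' allows any injected inline script to run.");
    if (src === "'unsafe-eval'") add("high", "script-src", "'unsafe-eval' allows eval() and other string-to-code sinks.");
    if (src === "*" || src === "https:" || src === "http:") add("high", "script-src", `Wildcard source ${src} allows scripts from any origin.`);
    const hs = hostSource(src);
    // A JSONP endpoint on an allowlisted origin lets an attacker-chosen callback run as script.
    // A specific path (anything beyond "/") excludes the JSONP URL, although path matching is dropped after redirects.
    if (hs && JSONP_HOSTS.has(hs.host) && (hs.path === "" || hs.path === "/")) {
      add("critical", "script-src", `${hs.host} hosts JSONP endpoints; remove it or allow only the exact script path you load.`);
    }
  }
  return findings;
}

// Lint a response's headers (lower-case names, as fetch() exposes them).
function lintHeaders(headers) {
  const enforced = headers["content-security-policy"];
  const reportOnly = headers["content-security-policy-report-only"];
  const findings = [];
  if (!enforced) {
    findings.push({ severity: "critical", directive: "(header)", message: reportOnly
      ? "Only Content-Security-Policy-Report-Only is set; violations are reported, not blocked. Add a Content-Security-Policy header to enforce the CSP."
      : "No Content-Security-Policy header was found." });
  }
  for (const policy of [enforced, reportOnly]) if (policy) findings.push(...lintPolicy(policy));
  return findings;
}

// Constructed sample: the policy shown on this page plus a script-src that allowlists
// the JSONP-hosting origin from the Critical finding.
const WEAK_POLICY = "font-src https://fonts.gstatic.com https://geolocation.onetrust.com 'self'; default-src 'self'; script-src 'self' https://www.google-analytics.com";
// The same policy with the Next Actions applied; the analytics.js path is an assumption about what the site loads.
const HARDENED_POLICY = "default-src 'self'; font-src 'self' https://fonts.gstatic.com https://geolocation.onetrust.com; script-src 'self' https://www.google-analytics.com/analytics.js; frame-ancestors 'none'; base-uri 'self'";

for (const f of lintHeaders({ "content-security-policy-report-only": WEAK_POLICY })) console.log(`[${f.severity}] ${f.directive}: ${f.message}`);
console.log("hardened findings:", lintPolicy(HARDENED_POLICY).length);
```

Run with node; the weak Report-Only policy yields four findings (unenforced header, frame-ancestors, base-uri, JSONP host) and the hardened policy yields none. The fallback table matters: a scanner that assumes every directive inherits from default-src will wrongly treat "default-src 'self'" as covering framing and base URLs.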

Start Securing Your Website Today

Don't wait for a security breach. Scan your website now and get actionable insights to strengthen your security posture.

Scan Your Website