Validates Content-Security-Policy header configuration
This checker validates the Content-Security-Policy header for presence and secure configuration, flagging policies that contain unsafe directives which weaken XSS protection. It retrieves the Content-Security-Policy header from the HTTP response, checks the policy for the unsafe keyword sources `'unsafe-inline'` and `'unsafe-eval'`, and validates the policy's syntax and configuration.
| Status | Condition | Test Logic |
|---|---|---|
| SUCCESS | CSP header present and secure | CSP header found with no unsafe directives |
| WARNING | CSP contains unsafe directives | Header present but contains unsafe-inline or unsafe-eval |
| FAIL | Missing CSP header | No Content-Security-Policy header found |
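As an added illustration of the table above (example code written for this page, not the checker's own source), the following Python reproduces the SUCCESS / WARNING / FAIL logic: it looks up the header case-insensitively, parses the policy the way a browser does (directives split on `;`, names case-insensitive, a repeated directive ignored after the first), and flags `'unsafe-inline'` / `'unsafe-eval'` in any directive. The function names, the `CspResult` fields, the treatment of an empty header as FAIL, and the sample responses are all assumptions for the example.

```python
import re
from dataclasses import dataclass, field
from typing import Optional

# Keyword sources treated as unsafe (matched ASCII case-insensitively, as browsers match them).
UNSAFE_KEYWORDS = {"'unsafe-inline'", "'unsafe-eval'"}
# CSP2+ browsers ignore 'unsafe-inline' when the same directive also carries a nonce or hash source.
NONCE_OR_HASH = re.compile(r"^'(nonce-|sha(256|384|512)-)", re.IGNORECASE)


@dataclass
class CspResult:
    status: str                                  # "SUCCESS", "WARNING" or "FAIL", as in the table
    message: str
    unsafe: dict = field(default_factory=dict)   # directive name -> sorted unsafe keywords found in it


def parse_csp(value: str) -> dict:
    """Parse a serialized CSP into {directive: [source, ...]}.

    Directives are separated by ';' and tokens by ASCII whitespace. Directive
    names are case-insensitive, and a repeated directive is ignored after the
    first occurrence, which is how browsers apply the policy.
    """
    policy = {}
    for chunk in value.split(";"):
        tokens = chunk.split()
        if not tokens:
            continue
        name = tokens[0].lower()
        if name in policy:          # duplicate directive: browsers keep the first, so do we
            continue
        policy[name] = tokens[1:]
    return policy


def get_csp_header(headers: dict) -> Optional[str]:
    """Case-insensitive lookup, because HTTP header names are case-insensitive."""
    for name, value in headers.items():
        if name.lower() == "content-security-policy":
            return value
    return None


def check_csp(headers: dict) -> CspResult:
    """Apply the SUCCESS / WARNING / FAIL logic from the table to a response's headers."""
    value = get_csp_header(headers)
    if value is None:
        return CspResult("FAIL", "No Content-Security-Policy header found")

    policy = parse_csp(value)
    if not policy:
        # Assumption: a header with no directives protects nothing, so treat it like a missing one.
        return CspResult("FAIL", "Content-Security-Policy header is present but empty")

    unsafe = {}
    notes = []
    for directive, sources in policy.items():
        hits = sorted({s.lower() for s in sources} & UNSAFE_KEYWORDS)
        if hits:
            unsafe[directive] = hits
            if "'unsafe-inline'" in hits and any(NONCE_OR_HASH.match(s) for s in sources):
                notes.append(f"{directive}: 'unsafe-inline' is overridden by a nonce/hash source in modern browsers")

    if unsafe:
        found = "; ".join(f"{d} {' '.join(k)}" for d, k in unsafe.items())
        message = f"CSP contains unsafe directives: {found}"
        if notes:
            message += " (" + "; ".join(notes) + ")"
        return CspResult("WARNING", message, unsafe)

    return CspResult("SUCCESS", "CSP header found with no unsafe directives", unsafe)


if __name__ == "__main__":
    # Constructed sample responses for the example, not real captures.
    samples = {
        "no header": {"Content-Type": "text/html"},
        "strict": {"Content-Security-Policy": "default-src 'self'; script-src 'self' https://cdn.example"},
        "weak": {"content-security-policy": "default-src 'self'; script-src 'self' 'unsafe-inline'; style-src 'self' 'UNSAFE-EVAL'"},
    }
    for label, headers in samples.items():
        result = check_csp(headers)
        print(f"{label:10} {result.status:8} {result.message}")
```

Two caveats worth keeping in mind when reading a WARNING: the unsafe keyword matters most in `script-src` (or `default-src` when `script-src` is absent), since that is what governs script execution, whereas in `style-src` it weakens protection against CSS-based attacks but is not by itself an XSS vector; and when `'unsafe-inline'` sits next to a nonce or hash source, modern browsers ignore it, so the finding is about policy hygiene rather than an exploitable gap.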
- XSS Attacks: a missing or weak CSP leaves your site more exposed to cross-site scripting, since injected scripts run without a policy to block them.
- Data Theft: malicious scripts can steal user data, session tokens, and other sensitive information.
- Reputation Damage: a security breach can severely damage your brand reputation and user trust.
Add this checker to your monitoring setup and start identifying issues on your websites today.