[Research] Online CSP Weakness Checker - CSP Evaluator
2025-07-10
CSP Evaluator website
https://csp-evaluator.withgoogle.com/
CSP Evaluator allows developers and security experts to check if a Content Security Policy (CSP) serves as a strong mitigation against cross-site scripting attacks. It assists with the process of reviewing CSP policies, which is usually a manual task, and helps identify subtle CSP bypasses which undermine the value of a policy. CSP Evaluator checks are based on a large-scale study and are aimed to help developers to harden their CSP and improve the security of their applications. This tool (also available as a Chrome extension) is provided only for the convenience of developers and Google provides no guarantees or warranties for this tool.
(End)