This tutorial explains how to check whether the CSP header is enabled on your website. By the end of this post, you will know whether your website sends a Content Security Policy (CSP) header or not. CSP is an additional security layer that helps prevent certain types of attacks on your website, like Cross Site Scripting, code injection, click-jacking, and so on. It instructs the browser to load web content from the allowed sources only. These attacks are very dangerous as they can lead to data theft, malware distribution, and even website defacement. So, to get a first indication of whether your website is exposed to these attacks, you can check whether the CSP header is present.
There are many online applications available which can be used to check CSP header support for any website. To make things a little easier for you, I will explain 5 free online applications which can be used to check the Content Security Policy header of your website.
HTTP Security Report:
HTTP Security Report is one of the best online applications to check if the CSP header is enabled on your website. You can enter any website URL and get the CSP status instantly. Apart from Content Security Policy, it also shows a report for HSTS, SSL/TLS, HPKP, and more. To know how it works, simply follow the steps below.
Step 1: First, open the “HTTP Security Report” website in your browser. In the main window there will be an input field. Enter the website URL in it to proceed.
Step 2: After you do that, click on the “Analyze” button next to the input field. As soon as you do that, this application will analyze your website and find out whether it sends the CSP header or not.
SecurityHeader:
SecurityHeader is another free application which can help you test the CSP header status of your website online. You can type any website URL and it will show you the CSP status automatically. In addition to Content Security Policy, it also analyzes other aspects of your website like HSTS, Referrer Policy, XSS Protection, etc. You can follow the steps below to check the CSP status.
Step 1: To get started, open the homepage of Security Header. Then enter the website URL in the search bar.
Step 2: When you do that, simply go ahead and click on the “Scan” button. The application will then process the website and show you the CSP header status. If it is not enabled on your website, then it will simply show a cross with the option.
CSP Analyzer:
CSP Analyzer is also one of the best online applications which can help you test the Content Security Policy status of your website for free. All you need to do is enter the website URL and it will automatically show the report for the CSP header. This application can only be used for checking CSP status. To do this, go through the following steps.
Step 1: After you visit the homepage of “CSP Analyzer”, enter the website address in the search bar. Once done, click on the “Analyze” button on the right.
Step 2: After you do that, this application will start analyzing your website and then instantly show you the CSP status. It will simply tell you whether it was able to find the Content Security Policy or not.
Web Server Security Test:
Web Server Security Test is another free online application to check if your website sends the CSP header. It not only shows the CSP status, but also the status of other components like XSS Protection, X-Frame Options, HSTS, and more. You can follow the steps below to check your website’s CSP status.
Step 1: When you open the homepage of this application, you will see a search bar at the top. Simply enter your website link in the search bar to proceed.
Step 2: After you do that, click on the “Play” button on the right side of the search bar. Then it will analyze the website and show you the CSP status. If it is not enabled on your website, then it will simply say “The header was not sent by the server”.
CSP Validator:
CSP Validator can also be used to test the CSP header status of any website. Similar to “CSP Analyzer”, the only purpose of this online application is to validate and check the CSP header status of any website. For this, you can go through the steps mentioned below.
Step 1: When you open “CSP Validator” in your browser, you will see an input field under the “Validate Headers” section. Simply enter the URL of the website for which you want to check the CSP status.
Step 2: Then click on the “Go” button to process the website. After you do that, it will simply show the CSP header status. If your website doesn’t have it, then it will simply say “no CSP headers found at your website”.
These are some of the best online applications which can help you easily check if your website sends a CSP header. Personally, I like each of these websites as they effortlessly do what they are supposed to. So, if you would like to check if your site is protected from attacks like data injection, click-jacking, etc., then go ahead and start using any of these applications.
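The check all five tools perform can also be done locally. The following is an added example, not code from any of the tools above: it classifies a response as enforced, meta, report-only or missing, and flags permissive script sources. All function names and the sample responses are constructed for illustration.

```python
import re
import urllib.request

def parse_csp(value):
    """Split a CSP value into {directive: [sources]}; a repeated directive is ignored."""
    policy = {}
    for part in value.split(";"):
        tokens = part.split()
        if tokens and tokens[0].lower() not in policy:
            policy[tokens[0].lower()] = tokens[1:]
    return policy

META_RE = re.compile(
    r"""<meta[^>]+http-equiv=["']?content-security-policy["']?[^>]*>""", re.I)
CONTENT_RE = re.compile(r"""content=(?:"([^"]*)"|'([^']*)')""", re.I)

def csp_status(headers, html=""):
    """headers: list of (name, value) pairs. Returns (status, parsed policy)."""
    by_name = lambda n: [v for k, v in headers if k.lower() == n]
    enforced = by_name("content-security-policy")
    if enforced:  # a browser applies every CSP header; only the first is parsed here
        return "enforced", parse_csp(enforced[0])
    meta = META_RE.search(html)
    content = CONTENT_RE.search(meta.group(0)) if meta else None
    if content:  # policy delivered in the page markup instead of a header
        return "meta", parse_csp(content.group(1) or content.group(2) or "")
    report_only = by_name("content-security-policy-report-only")
    if report_only:  # violations are reported, nothing is blocked
        return "report-only", parse_csp(report_only[0])
    return "missing", {}

def risky_script_sources(policy):
    """Sources that weaken script restrictions (script-src falls back to default-src)."""
    sources = policy.get("script-src", policy.get("default-src", []))
    return [s for s in sources if s in ("*", "'unsafe-inline'", "'unsafe-eval'")]

def fetch(url):
    """Live use: returns (headers, html) for csp_status(). Not used by the samples."""
    with urllib.request.urlopen(url, timeout=10) as resp:
        return list(resp.headers.items()), resp.read(65536).decode("utf-8", "replace")

# Constructed sample responses (not captured from any real site).
SAMPLES = {
    "enforced": ([("Content-Security-Policy",
                   "default-src 'self'; script-src 'self' 'unsafe-inline'")], ""),
    "report-only": ([("Content-Security-Policy-Report-Only", "default-src 'self'")], ""),
    "meta": ([], '<meta http-equiv="Content-Security-Policy" content="default-src \'self\'">'),
    "missing": ([("Content-Type", "text/html")], ""),
}
```

For a live site, pass the result of `fetch(url)` to `csp_status(*...)`; a "report-only" result means the header is present but the browser blocks nothing.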