cSPY - SecurityHeader Scanner by VaultOcean
Advanced security header scanner with CSP analysis, multi-engine scoring, actionable recommendations, and PDF report export. Zero external requests - all analysis runs locally.
48 users
Extension metadata
About this extension
CSPy is a professional-grade browser extension that audits HTTP security headers in real time. Built for developers, penetration testers, and security researchers.
WHAT IT DOES
• Scans every HTTP response header on any website
• Deep Content-Security-Policy (CSP) directive-by-directive analysis
• Detects missing, weak, or misconfigured headers (HSTS, X-Frame-Options, CORS, Referrer-Policy, Permissions-Policy, COOP, COEP, CORP, cookies)
• Grades security posture from A+ to F with a 0–100 score
MULTI-ENGINE CONSENSUS
• Three independent scoring engines: CSPy, Google CSP Evaluator, and Mozilla Observatory
• Cross-validates results - when engines agree, confidence is high
ACTIONABLE RECOMMENDATIONS
• Every finding includes a plain-English fix
• Copy-paste server configurations for nginx, Apache, Express, Django, Cloudflare Workers, and Vercel
• Prioritised by severity - fix what matters first
EXPORT & REPORTING
• Professional PDF report with cover page, executive summary, recommendations, and raw headers
• HTML, JSON, and Markdown (bug bounty) export formats
• Ready for stakeholder presentations or HackerOne/Bugcrowd submissions
ADDITIONAL TOOLS
• Auto-generate a working CSP from observed network traffic
• Infrastructure fingerprinting (CDN, WAF, hosting, framework detection)
• DOM audit (missing SRI, mixed content, unsafe iframes)
• Per-request security grading for all sub-resources
PRIVACY
• Zero external network requests - all analysis runs entirely in your browser
• No data collection, no telemetry, no accounts
• Open-source analysis engine
Built by VaultOcean - https://vaultocean.com
Rated 5 by 1 person
Permissions and data
Required permissions:
- Download files, and read and modify the browser's download history
- Display notifications to you
- Access browser tabs
- Access your data for all websites
Optional permissions:
- Access your data for all websites
Data collection:
- The developer says this extension does not need to collect data.
More information
- Version: 2.0.0
- Size: 135.47 KB
- Last updated: a day ago (June 5, 2026)
- License: MIT License