cSPY - SecurityHeader Scanner by VaultOcean
Advanced security header scanner with CSP analysis, multi-engine scoring, actionable recommendations, and PDF report export. Zero external requests: all analysis runs locally.
48 users
Extension metadata
About this extension
CSPy is a professional-grade browser extension that audits HTTP security headers in real time. Built for developers, penetration testers, and security researchers.
WHAT IT DOES
• Scans every HTTP response header on any website
• Deep Content-Security-Policy (CSP) directive-by-directive analysis
• Detects missing, weak, or misconfigured headers (HSTS, X-Frame-Options, CORS, Referrer-Policy, Permissions-Policy, COOP, COEP, CORP, cookies)
• Grades security posture from A+ to F with a 0–100 score
MULTI-ENGINE CONSENSUS
• Three independent scoring engines: CSPy, Google CSP Evaluator, and Mozilla Observatory
• Cross-validates results: when engines agree, confidence is high
ACTIONABLE RECOMMENDATIONS
• Every finding includes a plain-English fix
• Copy-paste server configurations for nginx, Apache, Express, Django, Cloudflare Workers, and Vercel
• Prioritised by severity: fix what matters first
EXPORT & REPORTING
• Professional PDF report with cover page, executive summary, recommendations, and raw headers
• HTML, JSON, and Markdown (bug bounty) export formats
• Ready for stakeholder presentations or HackerOne/Bugcrowd submissions
ADDITIONAL TOOLS
• Auto-generate a working CSP from observed network traffic
• Infrastructure fingerprinting (CDN, WAF, hosting, framework detection)
• DOM audit (missing SRI, mixed content, unsafe iframes)
• Per-request security grading for all sub-resources
PRIVACY
• Zero external network requests: all analysis runs entirely in your browser
• No data collection, no telemetry, no accounts
• Open-source analysis engine
Built by VaultOcean: https://vaultocean.com
Rated 5 by 1 reviewer
Permissions and data
Required permissions:
- Download files and read and modify the browser's download history
- Display notifications to you
- Access browser tabs
- Access your data for all websites
Optional permissions:
- Access your data for all websites
Data collection:
- The developer says this extension doesn't require data collection.
More information
- Version: 2.0.0
- Size: 135.47 kB
- Last updated: 2 days ago (Jun 5, 2026)
- License: MIT License