How to find out if a Site has a Content Security Policy (CSP) deployed

Follow
Gus Anderson

How to find out if a Site has a Content Security Policy (CSP) deployed

There are a few methodologies to do so. 

First keep in mind that CSP’s are deployed via a Response Header and/or Meta Tag and that will affect how you can visualize the deployed CSP.

  1. Response Header OPTION #1
    1. Utilize Google Chrome Developer Tools
    2. Go to the website of choice, open up Google Chrome Developer Tools
    3. Go to the Network Tab (#1)
    4. Look for first party delivered object, i.e. usually first on list in the Network TAB (#2)
    5. Look for a 200 OK Response item (#3)
    6. Scroll down to the Response Header Section (#4)
    8. See CSP in Response Header, IF Present
  2. Response Header – Option #2
    1. There is a Browser Extension Chrome that will automatically pull in the CSP (only the Response Header based CSP – Not the Meta Tag Version) Called the “CSP Evaluator”
    2. BE cautious – you do give extensions some clear access to your web data.
  3. Meta Tag
    1. Right click a blank area on the Site in Chrome
    2. Select ”View Page Source”
    4. When new Source window is opened, CTRL F to Find, Search on Content-Security-Policy to find Meta Tag based CSP (IF PRESENT)

All the best, Gus 

Gus Anderson

gus.anderson@bluetriangle.com 

If you'd like any help at all - reach out to support@bluetrriangle.com or directly to me.

 

0

Comments

0 comments

Please sign in to leave a comment.

Didn't find what you were looking for?

New post