Hacksudo-CSP Headers Checker by Hacksudo
Hacksudo: Checks Content Security Policy (CSP) and common security headers, highlighting missing or weak configurations based on OWASP best practices.
ExperimentalExperimental
Extension Metadata
About this extension
🔐 Hacksudo CSP & Security Headers Checker
Hacksudo CSP & Security Headers Checker is a lightweight security auditing extension designed for developers, security engineers, and penetration testers.
It analyzes the active webpage and reports:
🛡 Content Security Policy (CSP)
🔎 Security Headers Analysis
The extension checks for modern security headers commonly recommended by OWASP:
Each header is categorized as:
🎯 Use Cases
🔐 Privacy & Data Collection
This extension does not collect, store, or transmit any user data.
All analysis is performed locally in the browser.
Hacksudo CSP & Security Headers Checker is a lightweight security auditing extension designed for developers, security engineers, and penetration testers.
It analyzes the active webpage and reports:
🛡 Content Security Policy (CSP)
- Detects CSP header and meta CSP
- Lists configured directives
- Highlights missing critical directives:
default-srcscript-srcobject-srcbase-uriframe-ancestors- Flags weak configurations such as:
unsafe-inlineunsafe-eval- Wildcard (
*) usage - Missing clickjacking protection
🔎 Security Headers Analysis
The extension checks for modern security headers commonly recommended by OWASP:
- Content-Security-Policy
- Strict-Transport-Security (HSTS)
- X-Frame-Options
- X-Content-Type-Options
- Referrer-Policy
- Permissions-Policy
- Cross-Origin-Opener-Policy (COOP)
- Cross-Origin-Embedder-Policy (COEP)
- Cross-Origin-Resource-Policy (CORP)
Each header is categorized as:
- ✅ Set
- ⚠ Missing
- 🔴 Weak configuration
🎯 Use Cases
- Web application security testing
- VAPT assessments
- Quick client-side header verification
- Secure development validation
- Learning CSP and browser hardening
🔐 Privacy & Data Collection
This extension does not collect, store, or transmit any user data.
All analysis is performed locally in the browser.
Rated 5 by 1 reviewer
Permissions and data
Required permissions:
- Access browser tabs
- Access your data for all websites
Data collection:
- The developer says this extension doesn't require data collection.
More information
- Add-on Links
- Version
- 3.0
- Size
- 17.96 KB
- Last updated
- 5 days ago (Feb 12, 2026)
- Related Categories
- License
- Mozilla Public License 2.0
- Version History
- Tags
- Add to collection