Burp and ZAP plugin to analyse Content-Security-Policy headers or generate template CSP configuration from crawling a Website
csp-auditor-burp-plugin Fix quoting issue; handle frame-ancestors correctly Feb 25, 2018
csp-auditor-core Fix quoting issue; handle frame-ancestors correctly Feb 25, 2018
csp-auditor-zap-plugin Optimize ZAP packaging to minimize dependencies. Jun 27, 2016
gradle/wrapper Add Gradle Wrapper May 16, 2016
README.md Add one screenshot/demo Aug 14, 2017
build.gradle CSP configuration helper Tab.. Jul 19, 2017
demo.gif Added GIF demonstration. Jun 20, 2016
gradlew Add execute permission to Gradle Wrapper May 16, 2016
gradlew.bat Add Gradle Wrapper May 16, 2016
settings.gradle Update the Burp dependency to Maven artifact. Aug 14, 2017


CSP Auditor

This plugin provides:

  • a readable view of CSP Headers in Response Tab
  • passive scan rules to detect weak CSP configuration
  • a CSP configuration generator based on the Burp crawler or using manual browsing

This project is packaged as a ZAP and Burp plugin.
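To make the three features above concrete, here is a small added example (written for this page, not code from the CSP Auditor project): it parses a Content-Security-Policy header, raises findings in the spirit of the passive scan rules, and builds a starter policy from resource URLs observed while browsing. The sample header values and the site origin are constructed for the demonstration.

```python
from urllib.parse import urlsplit

# Source expressions that make a script-src/object-src list effectively open.
OPEN_SOURCES = {"*", "http:", "https:", "data:", "blob:", "filesystem:"}
HASH_OR_NONCE = ("'nonce-", "'sha256-", "'sha384-", "'sha512-")

def parse_csp(header):
    """Parse a Content-Security-Policy header into {directive: [sources]}."""
    policy = {}
    for part in header.split(";"):
        tokens = part.split()
        if tokens:
            policy.setdefault(tokens[0].lower(), []).extend(tokens[1:])
    return policy

def audit_csp(header):
    """Return findings in the spirit of passive-scan rules for a weak CSP."""
    policy = parse_csp(header)
    findings = []
    for directive in ("script-src", "object-src"):
        # Fetch directives fall back to default-src when absent.
        sources = policy.get(directive, policy.get("default-src"))
        if sources is None:
            findings.append(f"{directive}: not set and no default-src fallback")
            continue
        lowered = [s.lower() for s in sources]
        # A nonce or hash makes CSP2+ browsers ignore 'unsafe-inline'.
        if "'unsafe-inline'" in lowered and not any(s.startswith(HASH_OR_NONCE) for s in lowered):
            findings.append(f"{directive}: 'unsafe-inline' permits injected inline code")
        if "'unsafe-eval'" in lowered:
            findings.append(f"{directive}: 'unsafe-eval' permits string-to-code evaluation")
        for src in sorted(OPEN_SOURCES & set(lowered)):
            findings.append(f"{directive}: wildcard or scheme source {src} allows any origin")
    # frame-ancestors does NOT fall back to default-src; missing means framing is unrestricted.
    if "frame-ancestors" not in policy:
        findings.append("frame-ancestors: missing, so the page can be framed by any origin")
    return findings

def generate_template(site_origin, observed):
    """Build a starter policy from (directive, URL) pairs seen while browsing or crawling."""
    policy = {"default-src": ["'self'"], "object-src": ["'none'"], "frame-ancestors": ["'self'"]}
    for directive, url in observed:
        parts = urlsplit(url)
        origin = f"{parts.scheme}://{parts.netloc}"
        sources = policy.setdefault(directive, ["'self'"])
        if origin != site_origin and origin not in sources:
            sources.append(origin)
    return "; ".join(f"{d} {' '.join(s)}" for d, s in policy.items())
```

The generated policy is a template to review by hand: a crawl only sees the resources it happened to load, so anything missed will be blocked once the header is enforced.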


Last updated: August 3rd 2017


Passive rules and custom tab:

CSP Auditor Burp Plugin

Configuration builder:

CSP Auditor Burp Plugin

Building the plugin

Type the following command:

./gradlew build

or, if you already have Gradle installed on your machine:

gradle build

Read more

For more context around Content-Security-Policy and how to apply it to your website see our blog posts on the topic: