Content Security Policy (CSP) is the ultimate defense against XSS attacks. This tool checks if your server is sending a CSP header, which restricts the sources from which content can be loaded.
Without CSP, your site is more vulnerable to Cross-Site Scripting (XSS) attacks, in which attackers inject malicious scripts.
Writing a CSP can be complex: it requires listing every domain your site loads scripts, images, or fonts from.
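The header check described above, and the per-resource source lists a policy has to spell out, as an added example (not this tool's own code). The function names `parseCsp` and `checkCsp`, the hosts `cdn.example` and `fonts.example`, and the sample headers are constructed for illustration.

```javascript
// Parse a policy string into a Map of directive name -> source expressions.
function parseCsp(policy) {
  const directives = new Map();
  for (const part of policy.split(";")) {
    const tokens = part.trim().split(/\s+/).filter(Boolean);
    if (tokens.length === 0) continue;
    const name = tokens[0].toLowerCase();
    // A repeated directive is ignored by browsers; the first one wins.
    if (!directives.has(name)) directives.set(name, tokens.slice(1));
  }
  return directives;
}

// Inspect a response-headers object (any key casing) for a CSP.
function checkCsp(headers) {
  const h = {};
  for (const [k, v] of Object.entries(headers)) h[k.toLowerCase()] = v;
  const enforced = h["content-security-policy"];
  const reportOnly = h["content-security-policy-report-only"];
  if (!enforced && !reportOnly)
    return { present: false, enforced: false, sources: {}, findings: ["no CSP header sent"] };
  const policy = parseCsp(enforced || reportOnly);
  const findings = [];
  if (!enforced) findings.push("report-only: violations are reported, not blocked");
  const sources = {};
  for (const d of ["script-src", "img-src", "font-src"]) {
    // Fetch directives fall back to default-src when absent.
    const list = policy.get(d) ?? policy.get("default-src");
    sources[d] = list ?? null;
    if (list === undefined) findings.push(`${d}: unrestricted (no ${d} or default-src)`);
  }
  const script = sources["script-src"] || [];
  const hasNonceOrHash = script.some(s => s.startsWith("'nonce-") || s.startsWith("'sha"));
  // Browsers ignore 'unsafe-inline' when a nonce or hash is also listed.
  if (script.includes("'unsafe-inline'") && !hasNonceOrHash)
    findings.push("script-src allows 'unsafe-inline', so injected inline scripts still run");
  if (script.includes("*")) findings.push("script-src allows any host");
  return { present: true, enforced: Boolean(enforced), sources, findings };
}

// Constructed sample response headers.
const sample = {
  "Content-Type": "text/html",
  "Content-Security-Policy":
    "default-src 'self'; script-src 'self' https://cdn.example 'unsafe-inline'; font-src https://fonts.example",
};
console.log(JSON.stringify(checkCsp(sample), null, 2));
```

In the sample, `img-src` is not listed, so images are governed by `default-src 'self'`.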