Get a full analysis of your Content-Security-Policy, and understand how to easily improve it:

Client-Side CSP Security Posture

Summary

1 Fatal Error, 3 Warnings, 3 Info, 11 Valid

Content Security Policy (CSP) Scanner

General

report-uri
Add a 'report-uri' directive to receive violation reports. Set up a free report-uri at RapidSec.

Necessary Directives

default-src
base-uri
Strong protection against Formjacking thanks to strict 'form-action' and 'base-uri'.
frame-ancestors
Strong protection against Clickjacking thanks to strict 'frame-ancestors', 'frame-src' and 'child-src'.
block-all-mixed-content

Scripting Directives

script-src
style-src
object-src
Missing 'object-src'. Falling back to 'default-src'. It's better to explicitly define this directive.
worker-src

Frames Directives

child-src
Missing 'child-src'. Falling back to 'default-src'. It's better to explicitly define this directive.
frame-src

Content Directives

img-src
connect-src
font-src
manifest-src
media-src
prefetch-src
Missing 'prefetch-src'. Falling back to 'default-src'. It's better to explicitly define this directive.

Other Directives

form-action
Strong protection against Formjacking thanks to strict 'form-action' and 'base-uri'.

CSP Scanner helps developers and security experts easily inspect and evaluate a site's Content Security Policy (CSP), and understand whether it serves as a strong mitigation against client-side attacks like XSS, Clickjacking, Formjacking, Data Exfiltration and more.

The CSPscanner.com tool is built on years of cumulative best practice with Content-Security-Policy technology and with how to most effectively block client-side attacks.

For a submitted CSP, the tool may suggest a Grade, a Score, Tips and known Bypasses.

If you are looking to automate the deployment of a Content-Security-Policy (CSP) and of the recommendations suggested by this tool, along with other important security controls (SameSite cookies, security headers), you can use RapidSec.com.