Get a full analysis of your Content-Security-Policy, and understand how to easily improve it:

Client-Side CSP Security Posture

Summary

No Fatal Errors | No Warnings | 4 Info | 14 Valid

Content Security Policy (CSP) Scanner

General

report-uri
Add another 'report-uri' to get better violation reports. Set up a free report-uri at RapidSec
form-action
Strong protection against Formjacking thanks to strict 'form-action' and 'base-uri'.

Necessary Directives

default-src
base-uri
Strong protection against Formjacking thanks to strict 'form-action' and 'base-uri'.
frame-ancestors
Strong protection against Clickjacking thanks to strict 'frame-ancestors', 'frame-src' and 'child-src'.
upgrade-insecure-requests

Scripting Directives

script-src
style-src
object-src
worker-src
Missing 'worker-src'. Falling back to 'default-src'. It's better to explicitly define this directive.

Frames Directives

child-src
Missing 'child-src'. Falling back to 'default-src'. It's better to explicitly define this directive.
frame-src
Missing 'frame-src'. Falling back to 'default-src'. It's better to explicitly define this directive.

Content Directives

img-src
connect-src
font-src
Missing 'font-src'. Falling back to 'default-src'. It's better to explicitly define this directive.
manifest-src
Missing 'manifest-src'. Falling back to 'default-src'. It's better to explicitly define this directive.
media-src
Missing 'media-src'. Falling back to 'default-src'. It's better to explicitly define this directive.
prefetch-src
Missing 'prefetch-src'. Falling back to 'default-src'. It's better to explicitly define this directive.

CSP Scanner helps developers and security experts to easily inspect and evaluate a site’s Content Security Policy (CSP), and understand whether it serves as a strong mitigation against client-side attacks like XSS, Clickjacking, Formjacking, Data Exfiltration and more.

The CSPscanner.com tool combines years of cumulative best practice in Content-Security-Policy technology and in how to most effectively block client-side attacks.

For a presented CSP, the tool may provide a grade, a score, tips and known bypasses.

If you are looking to automate the deployment of Content-Security-Policy (CSP), of the recommendations this tool makes, and of other important security controls (SameSite, security headers), you can use RapidSec.com.