https://observatory.mozilla.org/ https://securityheaders.io/ https://report-uri.io/home/tools https://csp-evaluator.withgoogle.com/ https://cspvalidator.org/#url=https://cspvalidator.org/ Chrome Extension to test CSP without actually applying it to the website: https://chrome.google.com/webstore/detail/caspr-enforcer/fekcdjkhlbjngkimekikebfegbijjafd?hl=en-US https://www.gravityscan.com/ Example Header for nginx [crayon-6735859a524dc100532742/]