Content-Security-Policy analyzer
Related tools
Validators and utilities that complement Content-Security-Policy analyzer — same session, no sign-up.
Split CSP into directives and surface common risk tokens (unsafe-inline, unsafe-eval, frame-ancestors *). Not a substitute for browser CSP violation reports.
Paste the raw Content-Security-Policy header value (or meta http-equiv content). Semicolon-split directives; heuristic warnings only.
How to use this tool
- Paste your sample in the input (or fetch from URL if this tool supports it).
- Run the main action on the page to execute Content-Security-Policy analyzer.
- Read the result, fix the source data or config, and re-run if needed.
What this check helps you catch
- Split CSP into directives and surface common risk tokens (unsafe-inline, unsafe-eval, frame-ancestors *). Not a substitute for browser CSP violation reports.
- Limits called out in the description (what this tool does not verify — e.g. live network reachability, issuer databases, or strict schema contracts unless stated).
- Structural or syntax mistakes that would break parsers, serializers, or the next step in your workflow.
FAQ
- What does Content-Security-Policy analyzer do?
- Split CSP into directives and surface common risk tokens (unsafe-inline, unsafe-eval, frame-ancestors *). Not a substitute for browser CSP violation reports. Use the form above, then see “How to use” and “What this check helps you catch” for behavior detail.
- Is this a substitute for server-side validation?
- No. Use it for manual checks and triage; production systems should still validate and authorize on the server.
- Where does processing happen?
- Most validators here run in your browser. If a tool calls an API, that is stated on the page. See the site privacy policy for data handling.