Parse Content-Security-Policy directives, highlight unsafe patterns, grade from A to F.
Content Security Policy (CSP) is an HTTP response header that tells browsers which resources (scripts, styles, images) are allowed to load. A well-configured CSP is one of the most effective defences against Cross-Site Scripting (XSS). This tool fetches the CSP header, parses every directive, highlights dangerous patterns like 'unsafe-inline' or wildcards, and assigns a grade from A (strict) to F (missing or broken).
CSP is a security header that restricts script, style, font and iframe sources to prevent XSS and data injection. The checker flags overly permissive directives (unsafe-inline, unsafe-eval, wildcards) and missing critical rules.
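The parse-and-flag step described above can be sketched as follows. This is an added example, not the tool's own code: the grading rubric, the choice of script-src, object-src and base-uri as the "critical" directives, and the treatment of bare schemes as wildcards are assumptions, and the sample headers are constructed.

```python
# Added example. The grading rubric is an assumption, not the tool's own.
UNSAFE = ("'unsafe-inline'", "'unsafe-eval'")
# Bare schemes are treated here as wildcard-like sources (assumption).
WILDCARDS = ("*", "http:", "https:", "data:")
NONCE_OR_HASH = ("'nonce-", "'sha256-", "'sha384-", "'sha512-")

def parse_csp(header):
    """Split a CSP header value into {directive-name: [sources]}."""
    policy = {}
    for part in header.split(";"):
        tokens = part.split()
        if tokens:
            # Browsers ignore a repeated directive, so the first one wins.
            policy.setdefault(tokens[0].lower(), tokens[1:])
    return policy

def audit(header):
    """Return (grade, findings) for a CSP header value (None if absent)."""
    if not header or not header.strip():
        return "F", ["no Content-Security-Policy header"]
    policy = parse_csp(header)
    findings = []
    for name in ("script-src", "object-src"):
        # Both directives fall back to default-src when not set.
        sources = policy.get(name, policy.get("default-src"))
        if sources is None:
            findings.append(f"{name}: unrestricted (no {name} or default-src)")
            continue
        low = [s.lower() for s in sources]
        # Browsers ignore 'unsafe-inline' when a nonce or hash is listed.
        strict = any(s.startswith(NONCE_OR_HASH) for s in low)
        for s in low:
            if s in WILDCARDS:
                findings.append(f"{name}: wildcard source {s}")
            elif s in UNSAFE and not (s == "'unsafe-inline'" and strict):
                findings.append(f"{name}: allows {s}")
    if "base-uri" not in policy:  # base-uri has no default-src fallback
        findings.append("base-uri: missing")
    # Assumed rubric: one letter per finding, four or more is F.
    return "ABCDF"[min(len(findings), 4)], findings

# Constructed sample headers.
STRICT = "default-src 'self'; script-src 'nonce-r4nd0m' 'unsafe-inline'; object-src 'none'; base-uri 'none'"
WEAK = "default-src *; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:"

if __name__ == "__main__":
    for hdr in (STRICT, WEAK, None):
        print(audit(hdr))
```

The STRICT sample grades A even though it lists 'unsafe-inline', because the nonce causes browsers to ignore that keyword; WEAK grades F because the permissive default-src also governs object-src.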