CSP Analyzer
Parse Content-Security-Policy directives, highlight unsafe patterns, grade from A to F.
CSP Analyzer parses a site's Content-Security-Policy header, validates syntax, assigns a grade A-F. Detects dangerous directives: unsafe-inline, unsafe-eval, wildcards in script-src. Produces migration guidance toward nonce-based CSP.
CSP Header
Directives
Other Security Headers
Want a weekly re-check of this?
Drop your email — we will re-run this check every 7 days and alert you if anything degrades (SSL expiry, DNS change, header regression). Free.
One-click unsubscribe in every email. We never share email addresses. By subscribing you agree to our privacy policy.
What is Content Security Policy?
Content Security Policy (CSP) is an HTTP response header that tells browsers which resources (scripts, styles, images) are allowed to load. A well-configured CSP is one of the most effective defences against Cross-Site Scripting (XSS). This tool fetches the CSP header, parses every directive, highlights dangerous patterns like 'unsafe-inline' or wildcards, and assigns a grade from A (strict) to F (missing or broken).
Learn more
Frequently Asked Questions
What is Content-Security-Policy and why check it?
CSP is a security header that restricts script/style/font/iframe sources. Prevents XSS and data injection. The checker flags overly permissive directives (unsafe-inline, unsafe-eval, wildcards) and missing critical rules.
Related guides
Longer-form reading on this topic from the knowledge base.
Automate this check
Set up continuous monitoring and get an alert when something breaks. No manual runs to remember.