CSP Analyzer
Paste a Content-Security-Policy header to get a full insight report — headline metrics, detailed statistics, warnings, and improvement suggestions. Everything is processed on your device.
Everything runs in your browser. Your data is never sent to our servers.
Example
Example Input
default-src 'self'; script-src 'self' 'unsafe-inline' *
Example Output
directives + warnings + suggestions
How to Use
- 1Paste the a Content-Security-Policy header you want to analyze into the input box.
- 2If options are available (e.g. SQL dialect or regex flags), set them as needed.
- 3Click Analyze (or press Ctrl+Enter).
- 4Read the report: headline metric cards, detailed statistics, warnings, and recommendations.
About CSP Analyzer
CSP Analyzer audits a Content-Security-Policy: it breaks down each directive and gives security warnings (e.g. 'unsafe-inline', 'unsafe-eval', wildcard *) plus recommendations (add default-src, object-src 'none', base-uri, frame-ancestors).
Unlike a CSP Parser/Builder: it focuses on a security AUDIT with concrete suggestions, not just parsing or assembling.
FAQ
Is my data sent to a server?
No. The entire analysis runs in your browser with JavaScript. Nothing is uploaded, logged, or stored on our servers — safe for sensitive data.
How is this analyzer different from a parser, validator, or viewer?
An analyzer produces an insight report — metrics, statistics, warnings, and recommendations — to help you judge the quality or characteristics of the input. A parser breaks it into structure, a validator gives a valid/invalid verdict, and a viewer just displays it. An analyzer focuses on "how good / what are its characteristics".