CSP Parser
Parse a Content-Security-Policy into its directives and sources. Everything is processed on your device, nothing is sent to a server.
Everything runs in your browser. Your data is never sent to our servers.
Example
Example Input
default-src 'self'; script-src 'self' https://cdn.x.com
Example Output
default-src → 'self' · script-src → 'self' https://cdn.x.com
How to Use
- 1Fill the input fields with your data (or paste the text to process).
- 2If there are options, adjust them to your needs.
- 3Click Run (or press Ctrl+Enter) to parse.
- 4The result appears in the Result area. Click Copy to copy it.
About CSP Parser
The CSP Parser breaks a Content-Security-Policy value into a list of directives and their allowed sources. Useful for reviewing or debugging a long CSP policy and ensuring no dangerous sources are allowed.
In the browser.
FAQ
Are any network requests sent?
No. This tool only transforms/analyzes text in your browser — no actual HTTP request is sent, and your data never leaves your device. (Tools that truly call an external server are intentionally not provided due to browser CORS limits.)
Is my data safe?
Yes. All processing happens entirely locally in your browser. Nothing is uploaded, logged, or stored on our servers.