CSP Analyzer


Analyze Content Security Policy (CSP) headers by parsing all directives and identifying security issues. Detects dangerous configurations: unsafe-inline (allows inline scripts, negating XSS protection), unsafe-eval (allows eval(), a common XSS vector), wildcard sources (*), data: URIs in script-src, and missing critical directives. Explains each directive and provides a security score with remediation suggestions.


Parse and analyze Content Security Policy headers. Identify unsafe directives and security risks.

default-src: Fallback for all resource types
    'self'
script-src: JavaScript sources
    'self' 'unsafe-inline' https://cdn.example.com
    Warning: 'unsafe-inline' weakens XSS protection
style-src: CSS sources
    'self' 'unsafe-inline'
    Warning: 'unsafe-inline' weakens XSS protection
img-src: Image sources
    *
    Warning: Wildcard (*) allows all external sources
connect-src: Fetch, XHR, WebSocket connections
    'self'
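
The checks listed above can be sketched as follows. This is an added example, not the tool's own code: the function names are hypothetical, the policy string is reconstructed from the sample output above, and the set of directives treated as "critical" is an assumption of this example.

```javascript
// Added example, not the tool's code. Sample policy reconstructed from the page.
const SAMPLE = "default-src 'self'; script-src 'self' 'unsafe-inline' https://cdn.example.com; " +
  "style-src 'self' 'unsafe-inline'; img-src *; connect-src 'self'";
// Assumption: this example's choice of "critical" directives.
const CRITICAL = ['script-src', 'object-src', 'base-uri'];
// These directives do not fall back to default-src, so they must be set explicitly.
const NO_FALLBACK = new Set(['base-uri', 'form-action', 'frame-ancestors']);

function parseCsp(header) {
  const policy = new Map();
  for (const part of header.split(';')) {
    const [name, ...sources] = part.trim().split(/\s+/);
    if (!name) continue; // empty segment, e.g. a trailing ';'
    // A repeated directive is ignored by browsers: keep the first one.
    if (!policy.has(name.toLowerCase())) policy.set(name.toLowerCase(), sources);
  }
  return policy;
}

function analyzeCsp(header) {
  const policy = parseCsp(header);
  const findings = [];
  for (const [name, sources] of policy) {
    const src = sources.map((s) => s.toLowerCase());
    // With a nonce or hash present, CSP2+ browsers ignore 'unsafe-inline'.
    const strict = src.some((s) => /^'(nonce|sha256|sha384|sha512)-/.test(s));
    if (src.includes("'unsafe-inline'") && !strict) findings.push(`${name}: unsafe-inline`);
    if (src.includes("'unsafe-eval'")) findings.push(`${name}: unsafe-eval`);
    if (src.includes('*')) findings.push(`${name}: wildcard`);
    // default-src governs scripts only when script-src is absent.
    const governsScripts = name === 'script-src' ||
      (name === 'default-src' && !policy.has('script-src'));
    if (governsScripts && src.includes('data:')) findings.push(`${name}: data-uri`);
  }
  for (const d of CRITICAL) {
    const covered = policy.has(d) || (!NO_FALLBACK.has(d) && policy.has('default-src'));
    if (!covered) findings.push(`${d}: missing`);
  }
  return findings;
}

console.log(analyzeCsp(SAMPLE));
```

On the sample policy this reports the same three issues as the output above, plus a missing base-uri, which default-src does not cover.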

How to Use CSP Analyzer

  1. Paste a Content-Security-Policy header value
  2. View parsed directives and values
  3. Check for dangerous settings like unsafe-inline
  4. Read recommendations for improvement

Your Privacy is Protected

CSP Analyzer runs entirely in your browser. Your files and data are never uploaded to any server, never stored, and never shared. Everything happens locally on your device using secure browser APIs.

No server upload | No account required | 100% free | Works on all devices

Frequently Asked Questions

What does unsafe-inline in CSP mean?

unsafe-inline allows inline <script> and <style> tags and on* event handlers. This effectively disables CSP protection against XSS attacks from injected inline code.

Why Use This Tool?

Files never leave your device
No upload to any server
Instant processing in browser
100% free, no account needed
