Free Content-Security-Policy analyzer. Paste a CSP header value to parse every directive into a clear table, surface risky sources like 'unsafe-inline', 'unsafe-eval', wildcards, data: and http:, catch missing default-src / object-src / base-uri, and get an A–F grade. 100% client-side, nothing is uploaded.