Paste a Content-Security-Policy header to analyze its security posture. Detects dangerous directives, missing protections, and common misconfigurations.
Analyze Content-Security-Policy headers for weaknesses. Find unsafe-inline, wildcard sources, and missing directives.
unsafe-inline with nonces or hashes → CSP Hash Generatordefault-src to 'self' to block untrusted originsreport-to or report-uri to monitor violations in production* wildcards — they allow any origin, defeating CSPbase-uri 'self' and form-action 'self' → Policy Generator