Question 1

What is CSP analysis?

Accepted Answer

Content-Security-Policy (CSP) analysis examines a website's CSP headers to detect security weaknesses like unsafe-inline scripts, wildcard sources, missing nonces, and unprotected form actions. A strong CSP prevents XSS and data injection attacks.

Question 2

How does the CSP Evaluator work?

Accepted Answer

Paste your Content-Security-Policy header string into the input box and click Evaluate. The tool parses all directives (script-src, default-src, base-uri, form-action, etc.) and flags dangerous configurations, missing protections, and provides prioritized recommendations.

Question 3

What CSP issues does this tool detect?

Accepted Answer

It detects: unsafe-inline and unsafe-eval in script-src, wildcard (*) sources, missing base-uri (allowing base tag injection), missing form-action (phishing risk), missing object-src restriction, HTTP sources instead of HTTPS, data: URI usage, and missing frame-ancestors for clickjacking protection.

CSP Evaluator

Analysis