CSP Audit Helper
Parse a Content-Security-Policy header and flag risky directives such as unsafe-inline and missing base-uri.
About This Tool
Paste a Content-Security-Policy header and get a readable directive summary plus review warnings.
The tool focuses on common implementation mistakes that are easy to miss in long CSP strings.
How to Use
1. Enter the values you need or paste your text into the input area.
2. Adjust any options, units, or settings for your exact use case.
3. Review the result and copy it into your document, workflow, or next task.
Features
Instant Results
Outputs update directly in the browser as you enter values.
Browser-Based Processing
Your inputs are handled locally and are not uploaded for calculation.
Simple Inputs
Clear fields and readable outputs keep repeat tasks fast.
Free to Use
Use the tool immediately with no sign-up or installation.
Common use cases
- Review CSP changes before deployment.
- Find unsafe-inline, unsafe-eval, and wildcard sources.
- Check for missing base-uri, object-src, and frame-ancestors directives.
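The checks listed above can be sketched in a few lines of JavaScript. This is an added example, not this tool's own code; the function names, the warning wording, and the choice to flag object-src only when default-src is also absent are assumptions.

```javascript
// Added example: minimal CSP auditor. Names and warning text are illustrative.
const RISKY = ["'unsafe-inline'", "'unsafe-eval'", "*"];
const NO_FALLBACK = ["base-uri", "frame-ancestors"]; // never inherit default-src

function parseCsp(header) {
  const directives = new Map();
  for (const part of header.split(";")) {
    const tokens = part.trim().split(/\s+/).filter(Boolean);
    if (tokens.length === 0) continue; // empty segment, e.g. trailing ';'
    const name = tokens[0].toLowerCase(); // directive names are case-insensitive
    // Per the CSP spec, a repeated directive is ignored; the first one wins.
    if (!directives.has(name)) directives.set(name, tokens.slice(1));
  }
  return directives;
}

function auditCsp(header) {
  const directives = parseCsp(header);
  const warnings = [];
  for (const [name, sources] of directives) {
    const lowered = sources.map((s) => s.toLowerCase());
    const hasNonceOrHash = lowered.some((s) => /^'(nonce-|sha(256|384|512)-)/.test(s));
    for (const risky of RISKY) {
      if (!lowered.includes(risky)) continue;
      // CSP Level 2+ browsers ignore 'unsafe-inline' when a nonce or hash
      // source is present in the same directive, so it is not flagged then.
      if (risky === "'unsafe-inline'" && hasNonceOrHash) continue;
      warnings.push(`${name}: contains ${risky}`);
    }
  }
  for (const name of NO_FALLBACK) {
    if (!directives.has(name)) warnings.push(`${name}: missing`);
  }
  // object-src falls back to default-src, so flag it only when both are absent.
  if (!directives.has("object-src") && !directives.has("default-src")) {
    warnings.push("object-src: missing");
  }
  return warnings;
}

// Constructed sample policy, not taken from a real site.
const SAMPLE =
  "default-src 'self'; script-src 'self' 'unsafe-inline' https://cdn.example; " +
  "img-src *; SCRIPT-SRC 'unsafe-eval'";
console.log(auditCsp(SAMPLE));
```

The duplicate `SCRIPT-SRC` in the sample produces no warning because browsers discard it, which is also why a later, stricter copy of a directive does not tighten the policy.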
Related Tools
CSP Header Generator
Build a Content-Security-Policy header from common security directives.
Security Headers Checklist
Check raw response headers for common security headers and summarize missing items.
HTTP Header Normalizer
Normalize raw HTTP headers, find duplicates, and flag missing common security headers.