CSP Analyzer

CSP Analyzer — runs 100% in your browser. No data is uploaded; nothing leaves your device.

Ad space

Paste a Content-Security-Policy

Directives (3)

default-src 'self'
script-src 'self' 'unsafe-inline' https://cdn.example.com
img-src *

Findings (4)

script-srchigh
'unsafe-inline' allows inline scripts/styles — a major XSS vector.
img-srchigh
Wildcard '*' allows any host.
object-srclow
Consider object-src 'none' to block plugins/Flash.
frame-ancestorsmedium
No frame-ancestors — add it to prevent clickjacking.

Heuristic analysis of a CSP for common weaknesses. Not a full evaluator — runs entirely in your browser.

Loading tool…

Reach for CSP Analyzer whenever you need to generate a security header for your site. Web developers and security engineers use it to harden a site before launch, fix failing securityheaders.com or Mozilla Observatory scans, and meet client or compliance security requirements.

How to embed CSP Analyzer on your website

Add this free tool to your own site, blog or intranet — it's 100% free to embed. Paste this snippet where you want the tool to appear; it loads a clean, self-contained version with no ads or navigation.

<iframe src="https://tooljolt.com/embed/csp-analyzer" title="CSP Analyzer" width="100%" height="640" style="border:1px solid #e5e7eb;border-radius:12px" loading="lazy"></iframe>

About CSP Analyzer

CSP Analyzer is a free online web-security header tool that lets you cSP Analyzer. It runs entirely in your browser — no sign-up, no uploads and nothing ever sent to a server — so it is fast, private and safe to use with sensitive data. Whether you are a developer, security professional, student or just curious, CSP Analyzer gives you an instant, reliable result with zero setup.

How to use CSP Analyzer

1Pick the options you want in CSP Analyzer.
2Copy the generated header (or meta tag).
3Add it to your server, CDN or framework config.
4Re-test with a security-headers scanner to confirm.

Why use CSP Analyzer?

✓100% free with no sign-up, accounts, watermarks or usage limits
✓Runs entirely in your browser — your input never leaves your device, ideal for confidential security data
✓Hardens your site against XSS, clickjacking and data leaks
✓Improves scores on Mozilla Observatory and securityheaders.com
✓Works on any device with a modern web browser, online or offline

Frequently asked questions

Where do I add the output from CSP Analyzer?+

Send it as an HTTP response header from your server or CDN (Nginx, Apache, Cloudflare, Vercel, etc.). Many headers can also be set via a meta tag, but the HTTP header is the most reliable.

Will this improve my security score?+

Yes. Correct security headers are checked by tools like Mozilla Observatory and securityheaders.com and defend against XSS, clickjacking and data leaks — a quick win for safety and for the trust signals search engines value.

Is CSP Analyzer free to use?+

Yes. CSP Analyzer is 100% free with no sign-up, no account, no usage limits and no watermarks. Use it as often as you like.

Does CSP Analyzer upload my data to a server?+

No. CSP Analyzer runs entirely in your browser using JavaScript — nothing you type or upload ever leaves your device. That makes it safe to use with sensitive or confidential security data.