CSP Checker
Check Content-Security-Policy header. Parse directives, detect unsafe-inline, unsafe-eval.
Fetches headers — parses CSP.
How to use
- Enter a domain, URL, or value relevant to CSP Checker.
- Run the check and review the output carefully.
- Apply recommended fixes, then run the check again to verify.
Common use cases
- Pre-deployment validation for CSP Checker.
- Incident triage when security checks fail in production.
- Periodic security review as part of technical SEO and hardening.
Example inputs
https://example.com
Common issues and fixes
unsafe-inline
Allows inline scripts — XSS risk. Use nonces or hashes.
unsafe-eval
Allows eval() — high XSS risk. Avoid in production.
No CSP
Content-Security-Policy missing — no protection against XSS.
Recommended remediation
Start with default-src 'self'. Add script-src with nonces. Avoid unsafe-inline/unsafe-eval.
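The checks listed above, written out as an added example (this is not the tool's own code; the function names `parse_csp` and `audit_csp` and the sample headers are assumptions made for illustration). It also covers two parsing details the summary leaves implicit: script-src falls back to default-src, and browsers ignore 'unsafe-inline' when a nonce or hash is present in the same source list.

```python
# Added example: minimal CSP audit; function names are illustrative assumptions.
UNSAFE = {
    "'unsafe-inline'": "allows inline scripts (XSS risk); use nonces or hashes",
    "'unsafe-eval'": "allows eval() (high XSS risk); avoid in production",
}
NONCE_OR_HASH = ("'nonce-", "'sha256-", "'sha384-", "'sha512-")

def parse_csp(value):
    """Split a Content-Security-Policy value into {directive: [sources]}."""
    policy = {}
    for part in value.split(";"):
        tokens = part.split()
        if tokens:
            # A repeated directive is ignored; the first occurrence wins.
            policy.setdefault(tokens[0].lower(), tokens[1:])
    return policy

def audit_csp(headers):
    """Return findings for a dict of HTTP response headers."""
    value = next((v for k, v in headers.items()
                  if k.lower() == "content-security-policy"), None)
    if value is None:
        return ["No CSP: Content-Security-Policy missing"]
    policy = parse_csp(value)
    # script-src falls back to default-src when it is absent.
    used = next((d for d in ("script-src", "default-src") if d in policy), None)
    if used is None:
        return ["No script-src or default-src: script loading is unrestricted"]
    sources = [s.lower() for s in policy[used]]
    strict = any(s.startswith(NONCE_OR_HASH) for s in sources)
    findings = []
    for keyword, why in UNSAFE.items():
        # CSP Level 2+ browsers ignore 'unsafe-inline' beside a nonce or hash.
        if keyword in sources and not (keyword == "'unsafe-inline'" and strict):
            findings.append(f"{used}: {keyword} {why}")
    return findings

if __name__ == "__main__":
    # Constructed sample headers, not captured from a real site.
    samples = [
        {},
        {"Content-Security-Policy": "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'"},
        {"Content-Security-Policy": "default-src 'self'; script-src 'nonce-r4nd0m' 'unsafe-inline'"},
    ]
    for h in samples:
        print(audit_csp(h) or ["OK: no unsafe script sources"])
```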
FAQ
Is CSP Checker free to use?
Yes. This tool is free and can be used without account registration.
Do you store submitted values?
Only the minimum processing needed for the check. For client-side tools, data stays in your browser.
How should I use these results?
Use the output as a diagnostic baseline, apply fixes in your stack, then re-run the check to confirm remediation.
Related security tools
HTTP Header Analyzer
Analyze HTTP response headers and check security headers like CSP, HSTS, X-Frame-Options.
HSTS Checker
Check Strict-Transport-Security header. Verify max-age, includeSubDomains, preload.
Clickjacking Checker
Check X-Frame-Options and CSP frame-ancestors. Detect clickjacking vulnerability.