โšก Website Tool

CSP Parser

Parse a Content-Security-Policy header into directive groups so script, style, image, frame, and connection rules are easier to review.

Interactive Tool

Use CSP Parser

How to use

How to use CSP Parser

  1. Paste the full Content-Security-Policy header value from a response or config file.
  2. Run the parser and inspect each directive with its allowed sources.
  3. Use the structured view to find missing domains, unsafe allowances, or policy sections that need testing.
About this tool

Why use CSP Parser

CSP strings can become long and hard to audit, especially when a site uses analytics, ads, embeds, fonts, APIs, and multiple CDNs. Parsing the policy into sections makes it easier to understand what the browser is being asked to allow.

A parser does not prove the policy is safe or complete. It gives a readable map for review. CSP changes should be tested carefully because strict rules can block scripts, styles, frames, images, and network calls that the site depends on.

Best for CSP Parser

  • Reviewing long CSP header values.
  • Finding allowed domains by directive.
  • Preparing CSP cleanup before security testing.

Practical notes

  • Use report-only mode when rolling out major CSP changes.
  • Avoid unsafe-inline and unsafe-eval unless there is a clear reason.
  • Check browser console errors after policy updates.