tools / csp-parser
CSP Parser
Parse Content Security Policy headers, blocked-resource reports, unsafe directives, and hardening recommendations.
3 signals detected. Start with unsafe inline directive.
Unsafe inline directive
The policy allows inline script or eval-like execution.
Replace unsafe directives with nonces, hashes, strict-dynamic, or bundled scripts.
Blocked resource violation
A resource is being blocked by CSP.
Identify the blocked-uri and directive, then decide whether to allow, nonce, hash, or remove the resource.
CSP reporting configured
CSP reports are available for feedback.
Aggregate reports by directive and blocked host before relaxing policy.
Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-inline'; report-uri /csp
Refused to load script because it violates the following Content Security Policy directive
DebugTools product
CSP Parser
CSP Parser is a focused DebugTools mini-product for developers. Parse Content Security Policy headers, blocked-resource reports, unsafe directives, and hardening recommendations.
Use cases
- Inspect auth, token, header, certificate, cookie, and policy clues safely.
- Find configuration mismatches before sharing logs or screenshots.
- Turn security evidence into a practical fix checklist.
How it works
- Paste or load the snippet you want to inspect in CSP Parser.
- Run the tool in the browser and review the highlighted output.
- Copy, export, or turn the result into the next debugging step.
Privacy
- CSP Parser is local-first. The core workflow runs in your browser and does not require sending pasted content to DebugTools servers.
This tool history
Recent Csp Parser sessions
Only visits for this tool are shown. Pasted content, tokens, request bodies, and logs are not stored here.