DevTools24

CSP Evaluator

Evaluate Content-Security-Policy headers for security issues and get improvement recommendations.

Content Security Policy - Technical Details

CSP is a security header that controls which resources browsers can load. It helps prevent XSS, clickjacking, and other injection attacks. Avoid 'unsafe-inline' and 'unsafe-eval' for better security.

Command-line Alternative

// Strict CSP example
default-src 'self';
script-src 'self' 'nonce-abc123';
object-src 'none';
frame-ancestors 'self';
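The checks described under Technical Details can be sketched in a few lines. This is an added example, not the DevTools24 tool's own code: the function names parseCsp and evaluateCsp are hypothetical and the WEAK policy is constructed for illustration. It flags 'unsafe-inline' and 'unsafe-eval' on the directive that actually governs scripts, and a missing frame-ancestors.

```javascript
// Added example; names are hypothetical, not taken from the DevTools24 tool.
function parseCsp(header) {
  const policy = new Map();
  for (const part of header.split(';')) {
    const tokens = part.trim().split(/\s+/).filter(Boolean);
    if (tokens.length === 0) continue; // empty segment, e.g. after a trailing ';'
    const name = tokens[0].toLowerCase();
    // A repeated directive is ignored by browsers: the first occurrence wins.
    if (!policy.has(name)) policy.set(name, tokens.slice(1));
  }
  return policy;
}

function evaluateCsp(header) {
  const policy = parseCsp(header);
  const findings = [];
  // Scripts are governed by script-src, falling back to default-src.
  const scriptDir = policy.has('script-src') ? 'script-src'
    : policy.has('default-src') ? 'default-src' : null;
  if (scriptDir === null) {
    findings.push('no script-src or default-src: scripts are unrestricted');
  } else {
    const src = policy.get(scriptDir).map((s) => s.toLowerCase());
    const hasNonceOrHash = src.some((s) => /^'(nonce|sha(256|384|512))-/.test(s));
    // Browsers ignore 'unsafe-inline' when a nonce or hash is also listed.
    if (src.includes("'unsafe-inline'") && !hasNonceOrHash) {
      findings.push(`${scriptDir} allows 'unsafe-inline'`);
    }
    if (src.includes("'unsafe-eval'")) {
      findings.push(`${scriptDir} allows 'unsafe-eval'`);
    }
  }
  // frame-ancestors does not fall back to default-src.
  if (!policy.has('frame-ancestors')) {
    findings.push('frame-ancestors missing: framing is not restricted');
  }
  return findings;
}

// The strict policy shown on this page, written as a single header value.
const STRICT = "default-src 'self'; script-src 'self' 'nonce-abc123'; " +
  "object-src 'none'; frame-ancestors 'self';";
// Constructed weak policy for comparison.
const WEAK = "default-src 'self' 'unsafe-inline' 'unsafe-eval'";

console.log(evaluateCsp(STRICT)); // no findings
console.log(evaluateCsp(WEAK));   // three findings
```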