Content Security Policy (CSP) Parser/Checker
Parse and check the Content Security Policy of websites.
What is CSP?
Content Security Policy (CSP) is a security standard for websites introduced to prevent cross-site scripting (XSS), clickjacking and other code injection attacks resulting from execution of malicious content in the trusted web page context.
Websites can provide a CSP via an HTML meta tag or an HTTP header. There are more than 10 different types of directives that can be secured with CSP. Common directives include default-src, style-src, script-src and img-src.
CSP Facts
Property | Value |
---|---|
CSP Header Name | Content-Security-Policy |
CSP Meta Name | Content-Security-Policy |
Deprecated | X-WebKit-CSP, X-Content-Security-Policy |
CSP Examples
default-src 'self' https://cdn.example.com data:;
script-src 'self' 'nonce-1e81e9d162991baee1db010f1e2f199c' https://cdn.example.com data:;
style-src 'self' 'unsafe-inline'
frame-src 'self'
form-action 'self'
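
The parse-and-check step this page describes, as an added example that is not the tool's own code: it splits a policy into directives and flags source expressions a reviewer would question. The function names, the set of checks and the joined sample policy are assumptions made for illustration.

```javascript
// Added example, not the tool's own code.
// Parse a CSP value: directives are split on ';', tokens on whitespace.
function parseCsp(policy) {
  const directives = new Map();
  for (const part of policy.split(';')) {
    const tokens = part.trim().split(/\s+/).filter(Boolean);
    if (tokens.length === 0) continue;       // empty segment (trailing ';')
    const name = tokens[0].toLowerCase();    // directive names are case-insensitive
    if (directives.has(name)) continue;      // a repeated directive is ignored
    directives.set(name, tokens.slice(1));
  }
  return directives;
}

// Directives that do not fall back to default-src when absent.
const NO_FALLBACK = ['base-uri', 'form-action', 'frame-ancestors'];

function checkCsp(directives) {
  const findings = [];
  const has = (list, kw) => list.some(s => s.toLowerCase() === kw);
  // Browsers ignore 'unsafe-inline' when the list also carries a nonce or hash.
  const inlineAllowed = list => has(list, "'unsafe-inline'") &&
    !list.some(s => /^'(nonce|sha256|sha384|sha512)-/i.test(s));
  // script-src and style-src fall back to default-src when not set.
  const script = directives.get('script-src') || directives.get('default-src');
  const style = directives.get('style-src') || directives.get('default-src');
  if (!script) {
    findings.push('script-src: not restricted (no script-src or default-src)');
  } else {
    if (inlineAllowed(script))
      findings.push("script-src: 'unsafe-inline' permits injected inline script");
    if (has(script, "'unsafe-eval'"))
      findings.push("script-src: 'unsafe-eval' permits eval-style string execution");
    if (has(script, 'data:'))
      findings.push('script-src: data: permits script loaded from a data: URL');
    if (has(script, '*'))
      findings.push('script-src: * permits script from any host');
  }
  if (style && inlineAllowed(style))
    findings.push("style-src: 'unsafe-inline' permits injected inline styles");
  for (const name of NO_FALLBACK)
    if (!directives.has(name)) findings.push(`${name}: not set, no default-src fallback`);
  return findings;
}

// Constructed input: the page's example directives joined into one header value.
const SAMPLE_POLICY = "default-src 'self' https://cdn.example.com data:; " +
  "script-src 'self' 'nonce-1e81e9d162991baee1db010f1e2f199c' https://cdn.example.com data:; " +
  "style-src 'self' 'unsafe-inline'; frame-src 'self'; form-action 'self'";
console.log(checkCsp(parseCsp(SAMPLE_POLICY)).join('\n'));
```

For the example policy above, the checker reports the data: source in script-src, 'unsafe-inline' in style-src, and the missing base-uri and frame-ancestors directives.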