Teksolvr

CSP Analyzer & Builder

Inspect Content Security Policy policies and check for unsafe options.


Paste a raw Content-Security-Policy header value to check the safety of its directives.

Frequently Asked Questions

Learn more about how this tool works and about standard configurations.

A Content Security Policy (CSP) is an added layer of security that helps detect and mitigate certain classes of attack, such as Cross-Site Scripting (XSS) and data injection. It tells the browser which origins and source types are trusted to execute scripts or load assets.
The 'unsafe-inline' keyword (a source expression used inside directives such as script-src) lets the browser execute arbitrary inline scripts and event handlers. Because inline script is the primary vector for Cross-Site Scripting (XSS), allowing inline execution largely defeats the XSS mitigation a CSP provides.
Restrict directives such as default-src and script-src to trusted sources (e.g., 'self'), avoid wildcards (*) and unsafe keywords such as 'unsafe-inline' and 'unsafe-eval', and use cryptographic nonces or hashes to authorize the inline elements you do need.
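As an added example (not the Teksolvr tool's own code), the following JavaScript performs the kind of check this analyzer describes: it parses a raw Content-Security-Policy header value and flags the options the FAQ above calls unsafe. The finding texts, the sample policies and the effective-source fallback logic are my own assumptions, not taken from the tool.

```javascript
// Added example, not the Teksolvr tool's own code: a minimal evaluator that
// parses a raw Content-Security-Policy header value and reports the unsafe
// options described above (wildcards, 'unsafe-inline', 'unsafe-eval').

// Parse "dir src src; dir src" into { directive: [sources] } (keywords are
// case-insensitive, but nonce/hash values are not, so sources keep their case).
function parseCsp(header) {
  const policy = {};
  for (const part of header.split(";")) {
    const [name, ...sources] = part.trim().split(/\s+/).filter(Boolean);
    if (name) policy[name.toLowerCase()] = sources;
  }
  return policy;
}

// Sources governing a fetch directive, falling back to default-src.
function effectiveSources(policy, directive) {
  return policy[directive] || policy["default-src"] || null;
}

function evaluateCsp(header) {
  const policy = parseCsp(header);
  const findings = [];
  if (!policy["default-src"]) {
    findings.push("default-src missing: unlisted directives fall back to allowing any source");
  }
  for (const directive of ["script-src", "style-src"]) {
    const sources = effectiveSources(policy, directive);
    if (!sources) continue; // already covered by the default-src finding
    const lower = sources.map((s) => s.toLowerCase());
    const hasNonceOrHash = lower.some((s) => /^'(nonce-|sha(256|384|512)-)/.test(s));
    if (lower.includes("'unsafe-inline'")) {
      findings.push(hasNonceOrHash
        ? `${directive}: 'unsafe-inline' is ignored by CSP3 browsers once a nonce or hash is present, but still enables inline code in older ones`
        : `${directive}: 'unsafe-inline' allows arbitrary inline code (primary XSS vector)`);
    }
    if (lower.includes("'unsafe-eval'")) {
      findings.push(`${directive}: 'unsafe-eval' allows eval()/Function() on untrusted strings`);
    }
    if (lower.some((s) => ["*", "http:", "https:", "data:"].includes(s))) {
      findings.push(`${directive}: overly broad source (wildcard or bare scheme)`);
    }
  }
  const obj = effectiveSources(policy, "object-src");
  if (!obj || obj.length !== 1 || obj[0].toLowerCase() !== "'none'") {
    findings.push("object-src: set to 'none' unless plugin content is required");
  }
  return findings;
}
```

Calling `evaluateCsp("script-src 'self' 'unsafe-inline' *")` reports the missing default-src, the inline keyword, the wildcard and the unrestricted object-src, while a policy such as `default-src 'self'; script-src 'self' https://cdn.example.com; object-src 'none'` produces no findings.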