Content Security Policy Analyzer

Analyze CSP headers for vulnerabilities, detect bypass opportunities, and get actionable security insights.

v1.0.5

What we check

  • Unsafe inline/eval detection
  • JSONP & Angular bypasses
  • Missing directive analysis
  • Google CSP Evaluator
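
The unsafe inline/eval and missing-directive checks from the list above, sketched as a local pre-check. This is an added example, not the analyzer's own code; the names `parse_csp` and `check_policy` and the finding strings are hypothetical. It covers two cases the bullets do not spell out: `'unsafe-inline'` is ignored by browsers when a nonce or hash is present, and some directives never inherit from `default-src`.

```python
# Added illustration: a minimal local CSP check, not the analyzer's implementation.
FETCH_FALLBACK = "default-src"
# Directives that do NOT inherit from default-src; omitting them leaves them unrestricted.
NO_FALLBACK = ("base-uri", "form-action", "frame-ancestors")


def parse_csp(policy):
    """Split a policy into {directive: [source, ...]}; the first duplicate wins."""
    directives = {}
    for part in policy.split(";"):
        tokens = part.split()
        if tokens:
            # Directive names are case-insensitive; later duplicates are ignored.
            directives.setdefault(tokens[0].lower(), tokens[1:])
    return directives


def check_policy(policy):
    """Return a sorted list of finding strings for one policy."""
    d = parse_csp(policy)
    findings = set()
    # script-src falls back to default-src when absent.
    script = d.get("script-src", d.get(FETCH_FALLBACK))
    if script is None:
        findings.add("script-src missing (no default-src fallback)")
    else:
        lowered = [s.lower() for s in script]
        # Browsers ignore 'unsafe-inline' when a nonce or hash source is present.
        has_nonce_or_hash = any(
            s.startswith(("'nonce-", "'sha256-", "'sha384-", "'sha512-"))
            for s in lowered
        )
        if "'unsafe-inline'" in lowered and not has_nonce_or_hash:
            findings.add("script-src allows 'unsafe-inline'")
        if "'unsafe-eval'" in lowered:
            findings.add("script-src allows 'unsafe-eval'")
    if "object-src" not in d and FETCH_FALLBACK not in d:
        findings.add("object-src missing (no default-src fallback)")
    for name in NO_FALLBACK:
        if name not in d:
            findings.add(name + " missing (never falls back to default-src)")
    return sorted(findings)


if __name__ == "__main__":
    # Sample policy taken from the API request example on this page.
    print(check_policy("default-src 'self'; script-src 'unsafe-inline'"))
```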

Pro Tip

Copy your CSP directly from browser DevTools → Network tab → Response Headers

API Documentation

Simple REST API for integrating CSP analysis into your security workflows

POST /analyze

Analyze a Content-Security-Policy header and get detailed findings.

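# Request
# CSP keywords contain single quotes, so the JSON body is passed through a
# quoted heredoc; inside a single-quoted -d argument the shell would strip them.
curl -X POST https://csp.quentinra.dev/api/analyze \
  -H "Content-Type: application/json" \
  --data-binary @- <<'EOF'
{
  "policy": "default-src 'self'; script-src 'unsafe-inline'"
}
EOF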

RESPONSE 200 OK

Returns detailed analysis including bypasses and security findings.

{
  "scriptAnalysis": {
    "unsafeInline": true,
    "bypasses": { "angular": [...] }
  },
  "googleFindings": [...]
}

GET /health

Health check endpoint for monitoring and load balancers.

# Request
curl https://csp.quentinra.dev/api/health

# Response
{ "status": "ok" }

EXAMPLE Python Integration

Easy integration with any programming language.

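import requests

# Policy to analyze, e.g. copied from a Content-Security-Policy response header
csp_header = "default-src 'self'; script-src 'unsafe-inline'"

response = requests.post(
    "https://csp.quentinra.dev/api/analyze",
    json={"policy": csp_header},
    timeout=10,
)
response.raise_for_status()  # fail on a non-2xx status instead of parsing an error body
findings = response.json()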

Features

Everything you need to analyze and improve your Content Security Policy

Bypass Detection

Detects known JSONP endpoints and Angular libraries that can bypass your CSP.

Google CSP Evaluator

Integrates with Google's CSP Evaluator for industry-standard findings.

REST API

Simple JSON API for easy integration into CI/CD pipelines and security tools.

Custom Bypasses

Add your own bypass database with hot-reload support.

Docker Ready

Deploy instantly with Docker and docker-compose.

Security Focused

Built by security professionals for security professionals.