What is CSP Parser?
Paste a Content-Security-Policy (CSP) header and this tool breaks it into a clear table — one row per directive with its allowed sources listed out. It makes long, dense CSP strings easy to read and audit.
How CSP Parser works
A CSP is a list of directives separated by semicolons, each with a name and a space-separated list of sources.
The parser splits on semicolons, then on whitespace, and renders each directive and its sources. A fetch directive (such as script-src or img-src) with no sources blocks that resource type entirely.
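The split-and-render steps described above, written out as an added JavaScript example (not the tool's own source); the function names, the review heuristics and the sample header are constructed for illustration. It goes slightly beyond display by flagging duplicate directives, which browsers ignore after the first occurrence, and a few commonly over-broad sources.

```javascript
// Added example, not the tool's source. Names and the sample header are constructed.
const BROAD = new Set(["*", "http:", "https:", "'unsafe-inline'", "'unsafe-eval'"]);

function parseCsp(input) {
  // Strip a pasted header name so only the policy value remains.
  const policy = input.replace(/^\s*Content-Security-Policy\s*:/i, "");
  const seen = new Set();
  const rows = [];
  for (const part of policy.split(";")) {
    const tokens = part.trim().split(/\s+/).filter(Boolean);
    if (tokens.length === 0) continue; // empty segment, e.g. after a trailing ";"
    const name = tokens[0].toLowerCase(); // directive names are case-insensitive
    // Browsers honour only the first occurrence of a directive name.
    rows.push({ name, sources: tokens.slice(1), ignored: seen.has(name) });
    seen.add(name);
  }
  return rows;
}

function reviewNotes(rows) {
  const active = rows.filter((r) => !r.ignored);
  const names = new Set(active.map((r) => r.name));
  const notes = rows.filter((r) => r.ignored).map((r) => `${r.name}: duplicate, ignored by browsers`);
  if (!names.has("script-src") && !names.has("default-src")) {
    notes.push("script-src: missing with no default-src fallback");
  }
  for (const r of active) {
    // Only fetch directives (*-src) treat an empty source list as "allow nothing".
    const isFetch = /-src(-elem|-attr)?$/.test(r.name);
    if (isFetch && r.sources.length === 0) notes.push(`${r.name}: no sources, blocks this resource type`);
    for (const s of r.sources) {
      if (BROAD.has(s.toLowerCase())) notes.push(`${r.name}: broad source ${s}`);
    }
  }
  return notes;
}

// Constructed sample header line.
const SAMPLE = "Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-inline' https:; " +
  "img-src *; object-src; SCRIPT-SRC 'none'; upgrade-insecure-requests;";

console.table(parseCsp(SAMPLE).map((r) => ({ ...r, sources: r.sources.join(" ") })));
console.log(reviewNotes(parseCsp(SAMPLE)).join("\n"));
```

The notes are review prompts for a human reader, not a verdict on whether the policy is safe.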
Common uses
- Read and audit a CSP header
- Review which sources each directive allows
- Spot missing or overly broad directives
- Understand a site's content security policy
Frequently asked questions
What is a Content-Security-Policy?
An HTTP header that controls which sources of scripts, styles, images and other content a page may load, helping prevent XSS.
Does this check if my CSP is secure?
It parses and displays the policy clearly; reviewing the sources for safety is up to you.
Can I paste the whole header line?
Yes — a leading 'Content-Security-Policy:' is stripped automatically.