Parse a Content-Security-Policy header and flag important missing baseline directives.
Directives
-
Missing baseline
-
Status
-
Enter the example value or paste your own input, choose the mode when one is available, and read the first result card for the direct answer. The output area gives a copyable block for code reviews, documentation, API tests, classwork or troubleshooting notes.
What the result means
The parser splits directives and checks for baseline controls such as default-src, object-src and base-uri.
What is not included
This is a structural checklist. It does not prove that a policy is safe for a specific application.
Privacy note
The calculation runs in your browser. Avoid pasting production secrets, credentials, private keys, customer data or regulated personal data unless your own policy allows browser-based tools.