Free security tools
Use these tools when you need a quick policy read, a precise hash for inline code, an integrity value for external assets, or an API endpoint that can run inside your release process.
Toolbox
Each tool is built for a narrow task so you can move from diagnosis to copy-ready output without sorting through a full product setup.
Run a one-off scan for any public site and get immediate CSP guidance.
Best for
A first look at any public site
Run a quick Content Security Policy scan, get a plain-English scorecard, and see the highest-impact fixes before you create an account.
Pick sha256, sha384, or sha512 and build a Content Security Policy hash for inline script or style.
Best for
Allowing fixed inline scripts or styles
Paste the exact inline block and generate a CSP hash token for script-src or style-src without guessing which bytes the browser will validate.
Generate Subresource Integrity values for external scripts and styles.
Best for
Protecting external assets
Generate Subresource Integrity values for production JavaScript and CSS assets so browsers can reject files that no longer match what you approved.
Programmatically generate CSP/SRI hashes through the token-auth API.
Best for
CI/CD and automation
Use the public API to generate CSP and SRI hashes from build pipelines, deployment checks, or internal developer tooling.
How teams use them
Use the free scan to understand whether the current policy is missing, too broad, or ready for refinement.
Use the inline hash and SRI calculators when a policy needs exact trust tokens instead of broad allowlists.
Move repeatable hash generation into the API once the workflow belongs in releases or CI.
Need a maintained policy?
Create an account when you want saved applications, scan history, violation monitoring, and guided deployment instead of one-off calculators.