Free security tools

Check, hash, and automate the CSP work that slows teams down.

Use these tools when you need a quick policy read, a precise hash for inline code, an integrity value for external assets, or an API endpoint that can run inside your release process.

Run a free scanView API docs

Toolbox

Pick the tool that matches the CSP job in front of you.

Each tool is built for a narrow task so you can move from diagnosis to copy-ready output without sorting through a full product setup.

  • Free CSP Scan

    Run a one-off scan for any public site and get immediate CSP guidance.

    Best for

    A first look at any public site

    Run a quick Content Security Policy scan, get a plain-English scorecard, and see the highest-impact fixes before you create an account.

    • CSP grade
    • Priority findings
    • Recommended next steps
    Open tool

  • CSP Validator

    Evaluate a live Content Security Policy and see which gaps need deeper browser-rendered evidence.

    Best for

    Evaluating a live CSP header

    Validate whether a page sends a CSP, evaluate risky directives, and decide whether the site needs a deeper browser-rendered scan.

    • Policy evaluation
    • Directive gaps
    • Scan-backed guidance
    Open validator

  • CSP Generator

    Generate a deployable Content Security Policy from real browser crawl evidence.

    Best for

    Creating a deployable CSP

    Generate a policy from live browser evidence, then review the directives and deployment format before shipping in Report-Only mode.

    • Generated policy
    • Directive mapping
    • Export guidance
    Open generator

  • Hash Calculator

    Pick sha256, sha384, or sha512 and build a Content Security Policy hash for inline script or style.

    Best for

    Allowing fixed inline scripts or styles

    Paste the exact inline block and generate a CSP hash token for script-src or style-src without guessing which bytes the browser will validate.

    • sha256, sha384, sha512
    • CSP-ready token
    • Directive snippet
    Open tool

  • SRI Calculator

    Generate Subresource Integrity values for external scripts and styles.

    Best for

    Protecting external assets

    Generate Subresource Integrity values for production JavaScript and CSS assets so browsers can reject files that no longer match what you approved.

    • Integrity attribute
    • Recommended sha384
    • Copy-ready hashes
    Open tool

  • API Hash Automation

    Programmatically generate CSP/SRI hashes through the token-auth API.

    Best for

    CI/CD and automation

    Use the public API to generate CSP and SRI hashes from build pipelines, deployment checks, or internal developer tooling.

    • POST /v1/tools/hashes
    • Token auth
    • CI-ready response
    View docs

How teams use them

From first scan to repeatable release checks.

  1. 1

    Start with the site

    Use the free scan to understand whether the current policy is missing, too broad, or ready for refinement.

  2. 2

    Fix the hash cases

    Use the inline hash and SRI calculators when a policy needs exact trust tokens instead of broad allowlists.

  3. 3

    Automate the repeat work

    Move repeatable hash generation into the API once the workflow belongs in releases or CI.

Need a maintained policy?

The tools are free. Consepo keeps the policy current.

Create an account when you want saved applications, scan history, violation monitoring, and guided deployment instead of one-off calculators.

Create account