CSP validator
Validate and evaluate your Content Security Policy from a live page.
Use Consepo's free scan as a CSP validator, evaluator, and next-step planner. It checks the current policy, scores the risk, and shows where browser-rendered evidence can help you tighten it.
What to evaluate
A useful CSP evaluator does more than say whether a header exists.
The goal is to understand whether the policy meaningfully limits executable content, whether it can be deployed safely, and what evidence is still missing before enforcement.
1. Is a CSP present?
   A validator should first confirm whether the page sends a Content-Security-Policy or Content-Security-Policy-Report-Only header.
2. Are risky directives too broad?
   Look for wildcard sources, unsafe inline execution, missing frame restrictions, and reporting gaps that make a policy harder to enforce.
3. Does the page still need deeper scanning?
   Static validation can catch obvious issues, but a rendered scan shows the scripts, frames, fonts, and connections the browser actually loads.
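The first two checks above can be expressed as a small static evaluator over response headers. This is an added example, not Consepo's code: the function names, finding messages, and the choice to treat scheme sources such as https: as wildcards are assumptions, and it covers header-level checks only, not rendered scanning.

```python
# Added example: static CSP checks. Header and directive names are standard CSP;
# function names and finding wording are assumptions made for this sketch.
ENFORCE = "content-security-policy"
REPORT_ONLY = "content-security-policy-report-only"
BROAD = {"*", "http:", "https:", "data:"}  # wildcard and scheme-wide sources
STRICT_PREFIXES = ("'nonce-", "'sha256-", "'sha384-", "'sha512-")


def parse_policy(value):
    """Split a policy into {directive: [sources]}; the first duplicate wins, as in browsers."""
    policy = {}
    for part in value.split(";"):
        tokens = part.split()
        if tokens and tokens[0].lower() not in policy:
            policy[tokens[0].lower()] = [t.lower() for t in tokens[1:]]
    return policy


def evaluate(headers):
    """Return a list of findings for one response's headers (dict of name -> value)."""
    h = {k.lower(): v for k, v in headers.items()}
    if ENFORCE not in h and REPORT_ONLY not in h:
        return ["no CSP header present"]
    findings = []
    if ENFORCE not in h:
        findings.append("policy is Report-Only: violations are reported, not blocked")
    policy = parse_policy(h[ENFORCE] if ENFORCE in h else h[REPORT_ONLY])
    # script-src falls back to default-src when it is absent
    script = policy.get("script-src", policy.get("default-src"))
    if script is None:
        findings.append("no script-src or default-src: scripts are unrestricted")
    else:
        strict = any(s.startswith(STRICT_PREFIXES) for s in script)
        broad = sorted(BROAD.intersection(script))
        # with a nonce or hash plus 'strict-dynamic', browsers ignore host and scheme sources
        if broad and not (strict and "'strict-dynamic'" in script):
            findings.append("script sources too broad: " + " ".join(broad))
        # a nonce or hash makes browsers ignore 'unsafe-inline'
        if "'unsafe-inline'" in script and not strict:
            findings.append("'unsafe-inline' allows inline script execution")
    # frame-ancestors has no default-src fallback, so it must be set explicitly
    if "frame-ancestors" not in policy:
        findings.append("frame-ancestors missing: framing is not restricted by CSP")
    if "report-uri" not in policy and "report-to" not in policy:
        findings.append("no report-uri/report-to: violations go unreported")
    return findings
```

An empty findings list means only that these static checks passed; it says nothing about whether the policy matches the resources the page actually loads.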
Validator plus scanner
Validate the policy, then scan the site that has to live under it.
Header validation is a starting point. Consepo pairs that check with browser-rendered crawling so your policy recommendations are based on the resources the page actually loads.
Related CSP resources
Keep building the policy picture.
- Generate a CSP after validation
  Move from evaluation to a deployable policy generated from observed browser behavior.
- Content Security Policy best practices
  Use validation, Report-Only, strict directives, and monitoring as a safer rollout path.
- Report-Only vs enforcement
  Validate policy changes in production before they block resources for visitors.
- CSP violation reporting
  Turn browser reports into grouped signals that help refine a policy before enforcement.