CSP Check
Check Content Security Policy (CSP) coverage and common pitfalls.
What It Is
CSP restricts which sources can load scripts, styles, images, and more.
Why It Matters
A good CSP reduces the impact of XSS by limiting where code can execute from.
How to Fix
- Start with a report-only policy to collect violations.
- Prefer nonces/hashes over unsafe-inline for scripts.
- Allow only the origins you actually need.
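
The checks behind the list above, as an added example (not this site's scanner code): a small auditor that parses a CSP header value and flags report-only mode, 'unsafe-inline' without a nonce or hash, and overly broad script origins. The function names and the two sample policies are constructed for illustration.

```python
import re

# Matches 'nonce-<value>' and 'sha256-/sha384-/sha512-<value>' source expressions.
NONCE_OR_HASH = re.compile(r"^'(nonce-|sha(256|384|512)-)[A-Za-z0-9+/_=-]+'$", re.I)

# Constructed sample policies (not taken from any real site).
WEAK = "default-src *; script-src 'self' 'unsafe-inline' https://*.example.com"
STRICT = "default-src 'self'; script-src 'self' 'nonce-r4nd0mPerRequest'; report-uri /csp-report"

def parse_csp(value):
    """Split a CSP header value into {directive: [source, ...]}."""
    policy = {}
    for part in value.split(";"):
        tokens = part.split()
        if tokens:
            # A repeated directive is ignored by browsers; the first one wins.
            policy.setdefault(tokens[0].lower(), tokens[1:])
    return policy

def audit_csp(header_name, value):
    """Return findings for the pitfalls named in 'How to Fix'."""
    findings = []
    policy = parse_csp(value)
    if header_name.lower() == "content-security-policy-report-only":
        findings.append("report-only: violations are reported, not blocked")
    # script-src falls back to default-src when it is absent.
    scripts = policy.get("script-src", policy.get("default-src"))
    if scripts is None:
        findings.append("no script-src or default-src: scripts are unrestricted")
        return findings
    has_nonce_or_hash = any(NONCE_OR_HASH.match(s) for s in scripts)
    # Browsers ignore 'unsafe-inline' once a nonce or hash is present.
    if "'unsafe-inline'" in (s.lower() for s in scripts) and not has_nonce_or_hash:
        findings.append("script-src allows 'unsafe-inline' without a nonce or hash")
    for s in scripts:
        if s == "*" or s.lower() in ("http:", "https:"):
            findings.append(f"script-src allows any origin via {s}")
        elif "*" in s:
            findings.append(f"script-src uses wildcard host {s}")
    return findings

if __name__ == "__main__":
    for name, value in [("Content-Security-Policy", WEAK),
                        ("Content-Security-Policy-Report-Only", STRICT)]:
        print(name, "->", audit_csp(name, value) or "no findings")
```
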