What is CSP?
Content-Security-Policy limits which scripts, styles, and connections a page may load—a core defense against XSS.
DevTools Security Headers Checker analyzes CSP, HSTS, X-Frame-Options, X-Content-Type-Options, and related headers from pasted HTTP response text—find missing or weak policies.
Paste HTTP response headers to find missing or misconfigured security-related headers.
Restricts script, style, and resource origins to mitigate XSS.
Forces browsers to use HTTPS.
Prevents clickjacking via third-party iframes.
Blocks MIME sniffing.
Controls referrer header leakage.
Restricts powerful APIs like camera, mic, and geolocation.
Security headers reduce XSS, clickjacking, and MIME sniffing risk. Paste output from curl -I or browser Network headers to score and improve your policy.
Content-Security-Policy limits which scripts, styles, and connections a page may load—a core defense against XSS.
Strict-Transport-Security forces HTTPS-only access, helping prevent SSL stripping attacks.
Analysis runs on the pasted text you provide; treat sensitive tokens carefully and redact secrets before pasting.
Yes. No sign-up required.
Convert between common formats: CSV/JSON, YAML/JSON, TOML/JSON, Markdown/HTML, timestamps, image Base64, text encodings, and number bases.
Format and beautify SQL, HTML, XML, and YAML, plus a regex debugger—all run locally in the browser, free with no sign-up.
Full JSON toolkit: format, validate, minify, convert to CSV/XML, diff, generate and validate Schema, JSONPath, and tree view—all processed locally in the browser.
Upload a logo, preview browser and Google search results, configure iOS/Android icons, and generate a complete favicon package in one click.