CSP Evaluator

Paste a Content-Security-Policy header and get per-directive security analysis. 100% client-side.