Content Security Policy Evaluator - Online Hash & Nonce Check

CSP Hash Generator

Inline Script Content Hash Algorithm

CSP Hash Value

—

Paste into script-src with 'strict-dynamic'

Nonce Generator

Generate a cryptographically random nonce for CSP.

Base64 Nonce (128-bit)

—

Use: script-src 'nonce-...'

CSP Evaluator

Content-Security-Policy Header Value

Security Score --

Enter a CSP header to see analysis.

Frequently Asked Questions

A CSP hash allows you to whitelist specific inline scripts by their cryptographic hash. Instead of enabling 'unsafe-inline', you compute the SHA-256, SHA-384, or SHA-512 hash of the script's content and add it to your script-src directive. Browsers will then only execute inline scripts whose hash matches one in the policy, effectively blocking XSS.

Nonces are ideal for dynamic scripts where the content changes on every page load (e.g., scripts with session-specific data). The server generates a unique nonce for each response and includes it both in the CSP header and as a nonce attribute on the script tag. Hashes, on the other hand, work best for static inline scripts that rarely change.

A secure CSP should avoid 'unsafe-inline' and 'unsafe-eval', restrict sources to exact origins, define object-src 'none', and consider using 'strict-dynamic' with nonces/hashes. Always include a report-uri or report-to directive to monitor violations. Our evaluator helps identify such misconfigurations.

Add it to the script-src directive like this: script-src 'sha256-xyz...';. If you use 'strict-dynamic', the hash allows the inline script and also enables loading of other scripts dynamically added by that script. Remember to base64-encode the hash (as we output) and include the prefix.

Yes. Paste your complete Content-Security-Policy header value into the evaluator, and click “Evaluate Security”. You'll get a breakdown of each directive and a security score. It highlights dangerous keywords like 'unsafe-inline' and missing directives.

New

HTTP Security Header Checker - Online HSTS, CSP, X-Frame Analysis

Paste response headers string and get a security audit. Check presence and configuration of key security headers. Local analysis.

Checker checker headers HTTP security

New

Browser Extension Headers Check - Online Detect Injected Scripts

Look at HTTP headers and JavaScript objects to guess which browser extensions might be installed. For awareness.

Info browser checker extension privacy

New

XSS Payload Sandbox - Online Test Escape Characters

Paste a potential XSS vector and see if it executes in a sandboxed iframe. For security researchers and education.

Educational payload sandbox security XSS

New

JWT Viewer & Verifier - Online Decode & Check Signature

Paste a JSON Web Token and decode its header and payload. Verify signature if you provide the secret. Fully local.

Developer Tools decode JWT token verify

New

Iframe Sandbox Configurator - Online Test Permissions

Build an iframe with different sandbox flags and see live which features are blocked. For secure embedding.

Developer Tools iframe sandbox security test

New

Redirect Rule Tester - Online See How Browsers Follow

Enter a URL and see the full redirect chain with status codes and response times. Also validates against your chosen rule.

Developer Tools chain redirect status tester

New

Robots.txt Validator - Online Check Syntax & Rules

Paste a robots.txt file and validate its syntax. See if a specific user‑agent can access a path. Essential for webmasters.

Developer Tools robots.txt SEO syntax validator

Email Signature Generator - Online Professional HTML Footer

Design a clean, professional email signature with your photo, links, and disclaimers. Copy the HTML to use in Gmail/Outlook.

Business email signature generator HTML professional

User Agent Parser - Online Browser & OS Detector

Paste a user agent string to get a human-readable breakdown of browser, operating system, and device. See your own current agent info automatically.

Developer Tools browser device parser user agent

New

Screen Color Depth Checker - Online 8‑bit vs 16‑bit

See your monitor's color depth and pixel depth. Detect if HDR or wide gamut is available using media queries.

Info bits check color depth screen

New

Unicode Blocks Browser - Online Explore All Scripts

Browse Unicode by block: Latin, Cyrillic, CJK, Emoticons. See characters and copy with a click. Full reference.

Reference blocks browse scripts Unicode

New

HTML Email Signature Builder - Online Professional Footer Creator

Create a polished HTML email signature with your photo, links, and company details. Live preview and copy HTML to clipboard. Works with Gmail, Outlook, Apple Mail.

Business Tools email HTML signature template

New

Screen Reader Test Snippet - Online Check HTML ARIA Labels

Paste an HTML snippet and see how a screen reader might interpret it. Highlights missing alt texts and ARIA misuses. Educational.

Accessibility accessibility ARIA HTML screen reader

New

ASCII Text Signature Generator - Online Figlet & Banner

Type your name and create a stylized ASCII text banner for email signatures or forum posts. Choose a font style.

Fun ASCII banner figlet signature

New

Constraint Validation API Tester - Online Form Debug

Test required, pattern, minlength etc. See validity states and custom error messages. Learn browser‑native validation.

Developer Tools API Constraint Validation debug form

New

JSON Diff Compare - Online Highlight Differences

Paste two JSON objects and find the structural differences with side‑by‑side highlighted output. Indispensable for API debugging.

Comparator api compare diff JSON

Gradient Border CSS Generator - Online Animated & Static

Design borders with linear or conic gradients. Supports border‑image and background‑clip methods. Copy optimized CSS.

Developer Tools animated CSS generator gradient border

Text Diff Checker - Online Compare & Find Differences

Compare two text blocks and highlight differences line by line. Ideal for code review and document revisions. All diffs computed locally for privacy.

Developer Tools code compare diff checker text difference

Query String Parser & Builder - Online URL Params Editor

Parse a URL's query string into a key-value table, or build a query string from parameters. Perfect for API testing and web development.

Developer Tools builder parser query string URL params

New

Telegram Bot Markdown/HTML Builder - Online Message Formatter

Compose messages with bold, italic, links, and code. See the raw HTML or Markdown for your Telegram bot API calls.

Developer Tools bot format message Telegram

New

Screen Reader Text Visualizer - Online View Hidden A11y Content

Paste a website's HTML and see which text is only visible to screen readers (e.g., .sr‑only). Preview the accessible layer.

Accessibility a11y screen reader text visualizer

New

Handwriting Worksheet Generator - Online Traceable Letters

Create custom traceable handwriting worksheets with name or sentence. Print in dotted font. Great for teachers and parents.

Educational handwriting printable trace worksheet

New

Screen Reader Text Preview - Online See Hidden A11y Labels

Enter HTML with aria-labels and see what a screen reader would announce. Simulates common patterns. Local educational tool.

Accessibility a11y preview screen reader text

New

Traceroute Simulator - Online Visual Hop Path

Simulate a traceroute by entering a destination IP. Learn about AS paths and latency. Does not send real packets; educational visualisation.

Educational education network traceroute visual

New

CSS Easing Curves Visualizer - Online Cubic & Steps

Graph a cubic‑bezier or steps easing function and see a bouncing ball animation using it. Copy the CSS timing‑function.

Developer Tools animation cubic‑bezier easing steps

New

Pixel Art Drawing Board - Online Retro Sprite Maker

Draw pixel art with a grid, color palette, and eraser. Export as PNG. Perfect for game developers and hobbyists.

Game canvas drawing pixel art sprite

New

Pathfinding Visualizer - Online A*, Dijkstra & BFS Grid

Draw walls on a grid and watch A*, Dijkstra, or BFS find the shortest path. Interactive animation. Learn graph traversal.

Developer Tools A* algorithm pathfinding visualizer

New

Password Entropy Calculator - Online Bits of Security Meter

Calculate the entropy (in bits) of a password based on character pool size and length. Visual strength meter with crack time estimation. Local only.

Calculator bits entropy password security

New

Regex Injection / ReDoS Tester - Online Safe Pattern Test

Test a regular expression against malicious inputs to detect catastrophic backtracking and ReDoS vulnerabilities. Educational.

Developer Tools injection ReDoS regex security

New

Frontend JS Library Vulnerability Scanner - Online Check Version

Paste a URL or HTML to detect known vulnerable JavaScript library versions. Quick security audit. Client‑side only.

Developer Tools JavaScript scanner security vulnerability