CSP violation decoder

Paste a CSP violation report. Get a plain-English explanation, an attack-vs-misconfiguration verdict, and a fix recommendation.

Browsers POST CSP violation reports to your report-to endpoint in two formats — the legacy application/csp-report shape and the modern Reporting API JSON array. Paste either one below. This tool normalizes the fields, flags the report as a likely attack vs. a likely misconfiguration, and writes a fix you can actually act on. All parsing happens in your browser.
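
As an added example (not this tool's own code), the sketch below shows one way to normalize the two report shapes into a single record. The output field names, the 2048-character cap and the sample reports are assumptions made for illustration.

```javascript
const MAX_LEN = 2048; // reports are unauthenticated input: cap every string
const str = (v) => (typeof v === "string" ? v.slice(0, MAX_LEN) : "");
const num = (v) => (Number.isInteger(v) && v >= 0 ? v : null);

// Legacy body: {"csp-report": {"blocked-uri": ..., "violated-directive": ...}}
function fromLegacy(r) {
  // violated-directive may hold the whole directive text; keep only its name.
  const directive = str(r["effective-directive"]) ||
    str(r["violated-directive"]).split(/\s+/)[0];
  return {
    format: "legacy", directive,
    documentUrl: str(r["document-uri"]), blockedUrl: str(r["blocked-uri"]),
    disposition: str(r["disposition"]) || "unknown",
    sample: str(r["script-sample"]), line: num(r["line-number"]),
  };
}

// Reporting API entry: {"type": "csp-violation", "url": ..., "body": {...}}
function fromReportingApi(entry) {
  const b = entry.body || {};
  return {
    format: "reporting-api", directive: str(b.effectiveDirective),
    documentUrl: str(b.documentURL) || str(entry.url), blockedUrl: str(b.blockedURL),
    disposition: str(b.disposition) || "unknown",
    sample: str(b.sample), line: num(b.lineNumber),
  };
}

function normalizeCspReport(text) {
  const data = JSON.parse(text); // throws SyntaxError on non-JSON input
  if (Array.isArray(data)) {
    // A Reporting API batch can mix report types; keep only CSP violations.
    return data.filter((e) => e && e.type === "csp-violation").map(fromReportingApi);
  }
  if (data && typeof data["csp-report"] === "object" && data["csp-report"]) {
    return [fromLegacy(data["csp-report"])];
  }
  throw new TypeError("not a CSP violation report");
}

// Constructed sample reports (example.com values are placeholders).
const LEGACY_SAMPLE = JSON.stringify({ "csp-report": {
  "document-uri": "https://example.com/cart", "blocked-uri": "inline",
  "violated-directive": "script-src 'self'", "line-number": 12 } });
const MODERN_SAMPLE = JSON.stringify([{ type: "deprecation", body: {} }, {
  type: "csp-violation", url: "https://example.com/cart", body: {
    blockedURL: "inline", effectiveDirective: "script-src-elem",
    disposition: "report", lineNumber: 12 } }]);
```

Because anyone can POST to a reporting endpoint, every field is type-checked and length-capped before it reaches a verdict or a log line.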

Decoding happens in your browser. Nothing is sent anywhere.
A note on heuristics

The attack vs. misconfiguration call is heuristic: it is based on the blocked URI, the script sample, and a small allowlist of well-known SaaS hosts. Treat "low confidence" verdicts as a starting point, not a conclusion. The parsed fields underneath always reflect the raw report.

Want this on every error automatically?

GlitchReplay does this on every event you capture. Sentry-SDK compatible, flat-rate pricing, session replay included — built on Cloudflare so a bad deploy will never blow up your bill.