// SECURITY TOOLKIT
Defensive analyst tools, built in.
Nine practical tools for hardening and triage — all running natively on the platform. Network tools are rate-limited and refuse internal targets.
CSP Analyzer
Defensive utilities only. Network tools refuse internal/reserved addresses and are rate-limited.
Frequently asked questions
Why avoid "unsafe-inline" in CSP?
It allows inline scripts/styles, which defeats much of CSP's XSS protection. Prefer hashes or nonces instead.
Where do I start with CSP?
Begin with default-src 'self', then explicitly allow only the sources you need, and tighten script-src first.