TL;DR. Browsers fail closed on missing security headers — one wrong directive converts a production site into an XSS or data-exfiltration surface, and the failure is silent until a breach or PCI review.
The CSP Allowlist Completeness is the audit you reach for when you already suspect a problem in this dimension and need a fast, copy-paste-able fix list. It reuses the same chrome as every other jwatte.com tool — deep-links from the mega analyzers, AI-prompt export, CSV/PDF/HTML download — but the checks it runs are narrow and specific to the dimension described above.
Scans every
Send a Message
Response within 24 hours.
J.A. personally reads every message.
This site uses Google Analytics and Microsoft Clarity for anonymous usage analytics. Optional cookies are only set if you accept. See our cookie policy or privacy policy.
