Parses every directive, flags unsafe-inline/eval, wildcards, and missing protections. Grades A+ through F.
Based on CSP Level 3 and OWASP guidance.