DLP Validator — Complete Guide

Feature-by-feature walkthrough of every capability in the DLP testing suite.

On This Page

  1. File Upload Testing (HTTP/HTTPS/FTP)
  2. Download Test Documents
  3. Raw Text POST
  4. File Metadata & Label Checker
  5. Regex Creator
  6. Regex Translator
  7. DLP Test Data Generator
  8. Unique: Endpoint DLP Agent Detection

1. File Upload Testing

Upload any file through three different protocols to test whether your DLP solution inspects traffic across all channels.

How to Use

  1. Navigate to DLP ValidatorUpload tab.
  2. Select your file using the file picker.
  3. Choose a protocol: HTTP (port 80), HTTPS (port 443), or FTP (port 21).
  4. Click the upload button for your chosen protocol.
  5. Check the result — if your DLP blocks the upload, you'll see a blocked status; if it passes through, the upload succeeds.
💡 Tip: Use the Sample Data Download tab to generate DLP test payloads containing realistic compliance test data (PII, PCI, PHI) so you're testing with dynamic content, not static hash-matched samples.

2. Download Test Documents

Generate dynamic documents with realistic compliance test data patterns for DLP testing. Each payload creates a unique file — preventing static hash fingerprinting from bypassing your DLP.

Available Data Types

  • PII (Personally Identifiable Information) — Social Security Numbers, names, addresses, phone numbers, dates of birth.
  • PCI (Payment Card Industry) — Credit card numbers (Visa, MasterCard, Amex), CVVs, expiration dates, cardholder names.
  • PHI (Protected Health Information) — Medical record numbers, patient names, diagnosis codes, treatment records.

Available File Formats

PDFDOCXXLSXCSV
🔍 Proxy Mode DLP Validation

ITSecTools validates DLP configured in proxy/inline mode by generating documents with embedded PII, PCI, and PHI data and downloading them over HTTPS. This tests whether your DLP engine can intercept and inspect file content during transit — not just at the endpoint level.

  • CSV — Plain text with comma-delimited fields. Easily parseable by all DLP engines.
  • XLSX — XML-based spreadsheet inside a ZIP archive. Most DLP engines parse this format reliably.
  • DOCX — OOXML ZIP archive. The DLP engine must decompress the ZIP, parse word/document.xml, and extract text content before applying pattern matching.
  • PDF — Binary format with text inside content stream objects (often FlateDecode compressed). Requires the DLP engine to parse the PDF structure, decompress streams, and extract text.

Each download is dynamically generated with fresh data to prevent static hash fingerprinting. If your proxy DLP blocks the download, it confirms the engine is performing real-time content inspection on that file format. Testing all four formats reveals the depth of your DLP engine's file parsing capabilities.

3. Raw Text POST

Execute a data-in-motion exfiltration simulation via HTTP or HTTPS POST. Tests whether your DLP solution scans inline text — not just file attachments. By selecting HTTP, the platform proxies the payload unencrypted over Port 80, ensuring inline network firewalls can inspect the egress traffic.

How to Use

  1. Switch to the Text POST tab.
  2. Enter or paste text containing sensitive data (e.g., SSN: 123-45-6789).
  3. Click Send POST.
  4. If your DLP inspects data-in-motion exfiltration, it should detect and block the request.

4. File Metadata & Label Checker

Upload any document to deep-scan it for sensitivity labels, classification markings, content-level DLP patterns, and file integrity hashes. This is a capability not found in most free DLP testing tools.

Detection Methods

  • DOCX/XLSX Label Extraction — Reads Microsoft Information Protection (MIP) labels from docProps/custom.xml inside the ZIP archive. Detects labels like Confidential, Internal, Public, Top Secret.
  • PDF Metadata Scanning — Extracts Classification and Label properties from PDF metadata dictionaries using raw binary parsing.
  • Content-Level DLP Matching — Scans file content for PII patterns (SSN), PCI data (credit card numbers), and keyword-based classification markers.
  • File Integrity Hashing — Computes MD5 and SHA-256 hashes for verification and threat intelligence lookups.

Color-Coded Results

  • ● Red — Confidential / Secret / Top Secret
  • ● Blue — Internal / Restricted
  • ● Green — Public / Unclassified

5. Regex Creator

Build DLP regex patterns from a sample text string. The tool auto-detects the data structure (e.g., digits, letters, separators) and lets you customize each segment's match type and quantity before generating a vendor-optimized regex pattern.

How to Use

  1. Switch to the Regex tab, then select Regex Creator.
  2. Enter a sample text (e.g., MRN:1234567).
  3. Click Analyze — the tool auto-detects each segment's type (letters, digits, separator, etc.).
  4. Refine each segment's match type (27 options: exact digits, any digit, hex, alphanumeric, etc.) and quantity (exact, range, one-or-more).
  5. Select your target DLP vendor (Forcepoint, Symantec, Palo Alto, Zscaler, Netskope, Trellix, Microsoft Purview, Proofpoint, Fortinet).
  6. Click Generate Regex — the tool outputs a vendor-optimized pattern with a plain English explanation.
  7. Optionally enter a test string and click Test to validate the pattern matches your data.

Supported DLP Vendors

Forcepoint DLPForcepoint DSPMSymantec (Broadcom)Palo Alto NetworksZscalerNetskopeTrellix DLPFortinetMicrosoft PurviewProofpoint

6. Regex Translator

Convert any existing regex pattern into a vendor-optimized version for your target DLP platform. Handles syntax differences between PCRE, RE2, Java, and cloud-native regex engines automatically.

How to Use

  1. Switch to the Regex tab, then select Regex Translator.
  2. Paste your existing regex pattern into the input field.
  3. Select your target DLP vendor.
  4. Optionally enter a test string to validate the translated pattern.
  5. Click Translate & Test — the tool outputs the vendor-optimized regex and shows whether it matches your test string.

7. DLP Test Data Generator

Generate real test files that challenge your DLP engine's inspection depth. These are actual downloadable files — not simulated traffic — designed to test how your DLP handles common evasion techniques.

Renamed Extensions

Generates a valid DOCX document with sensitive data but saves it as .jpg or .png. Tests whether your DLP inspects file magic numbers (file signatures) rather than trusting the extension.

Base64 Encoding

Obfuscates sensitive text (SSN, credit cards) into Base64 format. Tests if your DLP can decode and inspect Base64-encoded content in transit.

Password-Protected Archives

Generates AES-256 encrypted ZIP files with sensitive documents inside. Tests your DLP's fail-close vs. fail-open policy — does it block archives it can't inspect, or let them through?

Nested Archives

Wraps sensitive data inside multiple ZIP layers (ZIP-in-ZIP-in-ZIP). Tests your DLP's maximum archive extraction depth — most solutions stop at 2-3 levels.

Unique Capability: Endpoint DLP Agent Detection

ITSecTools is the only free online DLP testing tool that can detect and report when an Endpoint DLP agent blocks a file upload at the browser level — even when the DLP is configured in inline/proxy mode. When an endpoint agent intercepts the upload before data leaves the browser, ITSecTools provides a clear, actionable message:

BLOCKED: HTTP Upload intercepted by Endpoint DLP agent before data reached the browser.

Why This Matters

  • Most DLP testing tools silently fail or show generic "upload failed" errors — they cannot tell you why or where the block occurred.
  • ITSecTools clearly differentiates between network/proxy DLP blocks (intercepted during file transmission) and endpoint DLP blocks (intercepted before data even leaves the browser).
  • This helps security teams confirm their endpoint DLP agent is actively enforcing policies, even on machines that also have network-based proxy DLP enabled.
  • Compatible with Forcepoint DLP, Symantec Endpoint DLP, and other endpoint DLP agents that operate at the browser level.
Not Available Elsewhere: Other free DLP testing websites (e.g., dlptest.com) can only validate network/proxy DLP by checking if file transfers are blocked on the wire. They have no ability to detect or report endpoint-level DLP interception. ITSecTools is uniquely designed for organizations running endpoint and network DLP in parallel — giving visibility into both layers from a single test.
Open DLP Validator →