UserAgent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.181 Safari/537.36

Steps to reproduce the problem:
1. Open Devtools
2. Select the Security tab

What is the expected behavior?
The effective CSP for the current page is nicely rendered, e.g.:

script-src: 'self' https://example.com;
frame-src: 'none';
default-src: 'self';

What went wrong?
No CSP info shown.

Did this work before? No 

Chrome version: 66.0.3359.181  Channel: n/a
OS Version: OS X 10.11.6
Flash Version: 

CSP is an important web security feature. Due to multiple methods of specifying the CSP (all on one line, in response headers or possibly multiple meta tags), it is difficult to determine what the effective CSP is for a given page. It would be immensely helpful to see the values of all the CSP directives listed in an explicit and readable format, similar to the display of css properties in the Styles section.