CSP Header Generator
Build Content-Security-Policy headers visually. Pick directives, allowlist sources, generate header and meta tag. Runs in your browser.
Directives: default-src, script-src, style-src, img-src, font-src, connect-src, frame-src, media-src, object-src
Reference
What is CSP?
Content-Security-Policy is an HTTP response header that controls which resources a page can load. Directives such as script-src, style-src and img-src restrict loading by origin. A strong CSP mitigates XSS and data-exfiltration attacks. Use 'self' for same-origin, list specific hosts, or use 'nonce-...' / 'sha256-...' for inline scripts. Keywords, nonces and hashes must be written inside single quotes.
Common uses
- XSS protection — prevent unauthorized inline scripts.
- Resource lockdown — block third-party trackers.
- Compliance — meet security audit requirements.
- Migration — start with report-only and tighten gradually.
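The following added example (not this tool's own code) shows one way to turn a directive-to-sources map into the header, its report-only variant and the meta tag, while rejecting sources that would inject extra directives. The function names, the nonce value and the example.com hosts are assumptions made for illustration.

```javascript
// Added example. Keywords that CSP requires in single quotes.
const KEYWORDS = new Set(["self", "none", "unsafe-inline", "unsafe-eval", "strict-dynamic"]);
const NONCE_OR_HASH = /^(nonce|sha(256|384|512))-[A-Za-z0-9+\/_-]+={0,2}$/;

function normalizeSource(src) {
  const s = String(src).trim();
  // Whitespace, ';' or ',' would start a new source, directive or policy;
  // '"', '<', '>' and '&' would break out of the <meta content="..."> attribute.
  if (s === "" || /[\s;,"<>&]/.test(s)) throw new Error(`invalid source: ${JSON.stringify(src)}`);
  const bare = s.replace(/^'|'$/g, "");
  // An unquoted self is parsed as a host named "self", so keywords are quoted here.
  if (KEYWORDS.has(bare) || NONCE_OR_HASH.test(bare)) return `'${bare}'`;
  if (s.includes("'") || /^(nonce|sha\d+)-/.test(bare)) throw new Error(`malformed source: ${s}`);
  return s; // host, scheme or wildcard source
}

function buildPolicy(directives) {
  const parts = [];
  for (const [name, sources] of Object.entries(directives)) {
    if (!/^[a-z][a-z-]*$/.test(name)) throw new Error(`invalid directive name: ${name}`);
    const list = [...new Set(sources.map(normalizeSource))];
    if (list.includes("'none'") && list.length > 1) {
      throw new Error(`${name}: 'none' must be the only source`);
    }
    if (list.length > 0) parts.push(`${name} ${list.join(" ")}`);
  }
  return parts.join("; ");
}

function render(directives, reportOnly = false) {
  const value = buildPolicy(directives);
  const name = reportOnly ? "Content-Security-Policy-Report-Only" : "Content-Security-Policy";
  return {
    header: `${name}: ${value}`,
    // Report-only mode is not available through <meta>, so no tag is produced for it.
    meta: reportOnly ? null : `<meta http-equiv="Content-Security-Policy" content="${value}">`,
  };
}

// Constructed sample policy. The nonce is a placeholder: a real nonce must be
// freshly generated from a CSPRNG for every response.
const policy = {
  "default-src": ["self"],
  "script-src": ["self", "nonce-R4nd0mPerResponse"],
  "img-src": ["'self'", "https://img.example.com"],
  "object-src": ["none"],
};
console.log(render(policy, true).header); // start in report-only mode
console.log(render(policy).meta);
```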
Privacy
All generation runs 100% in your browser. No data is sent to any server.