CSP Header Generator-- Content Security Policy

Build Content Security Policy headers interactively.

default-srcFallback for other directives

script-srcJavaScript sources

style-srcCSS stylesheet sources

img-srcImage sources

connect-srcXHR, WebSocket, fetch sources

font-srcWeb font sources

frame-srcIframe sources

Generated CSP Header

Why Use Our CSP Generator?

7 Directives

All major CSP directives.

Real-Time

Updates as you configure.

XSS Protection

Prevent code injection.

Custom Sources

Add any domain or source.

One-Click Copy

Copy the full header.

Free Forever

No signup, no limits.

Other Security Tools

CORS Header

Generate CORS headers

Hash Generator

Generate MD5/SHA hashes

SSL Cert Decoder

Decode SSL certificates

Password Checker

Check password strength

CSP Guide

CSP (Content Security Policy) is a security mechanism that helps detect and mitigate certain types of attacks like Cross-Site Scripting (XSS) and data injection. It works by specifying which content sources the browser should trust, effectively creating a whitelist of allowed origins for scripts, styles, images, and other resources.

What is CSP?

Content Security Policy (CSP) is an HTTP header that helps prevent XSS, clickjacking, and other code injection attacks by specifying which content sources the browser should trust.

What directives are available?

This tool supports default-src, script-src, style-src, img-src, connect-src, font-src, and frame-src directives.

Can I add custom sources?

Yes! Type custom domains or sources in the text input for each directive and click Add.

Is this tool free?

Yes, completely free with no signup or limits.

CSP Header Generator Tool

Why Use Our CSP Generator?

Other Security Tools

CSP Guide