CSP Generator
Generate Content Security Policy headers with visual builder.
Free online tool. No signup required. All processing runs in your browser.
Click a preset to add it. Or type custom sources (space-separated).
About this tool
Use the visual builder to set directives (default-src, script-src, style-src, etc.) with common values like 'self' or custom sources. Copy the header for your server or meta tag.
What is CSP Generator?
Content Security Policy (CSP) is an HTTP response header that tells the browser which sources it may load scripts, styles, images and other resources from. It helps mitigate XSS and other injection attacks.
How to use CSP Generator
- Set each directive (script-src, style-src, etc.).
- Add 'self', 'none', or custom URLs.
- Copy the Content-Security-Policy header.
Examples
Example input
default-src 'self'; script-src 'self'
Example output
Content-Security-Policy: default-src 'self'; script-src 'self';
FAQ
Where do I set CSP?
As an HTTP response header from your server, or via a <meta http-equiv="Content-Security-Policy" content="..."> tag.
What is report-uri?
report-uri (or report-to) sends violation reports to a URL when the browser blocks content. Optional but useful for debugging.
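The assembly step described above, as an added example that is not the tool's own code: it builds the header from a directive map, quotes keywords, rejects values that would inject another directive, and flags directives that browsers ignore when the policy is delivered in a <meta> tag. The function names and sample values are assumptions.

```javascript
// Added example; names and sample values are assumptions, not the tool's code.
const KEYWORDS = new Set(["self", "none", "unsafe-inline", "unsafe-eval",
                          "strict-dynamic", "report-sample"]);
// Per the CSP spec, these directives are ignored in a <meta> policy.
const META_IGNORED = new Set(["report-uri", "frame-ancestors", "sandbox"]);

function normalizeSource(src) {
  const bare = src.replace(/^'|'$/g, "");
  // ';' or ',' inside a value would start a new directive or a new policy.
  if (/[;,'\s]/.test(bare)) throw new Error(`invalid source: ${src}`);
  // Unquoted keywords are parsed as host names, so always emit them quoted.
  if (KEYWORDS.has(bare.toLowerCase())) return `'${bare.toLowerCase()}'`;
  if (/^(nonce-|sha(256|384|512)-)/.test(bare)) return `'${bare}'`;
  return bare;
}

function buildCsp(directives) {
  const parts = [];
  const warnings = [];
  for (const [name, raw] of Object.entries(directives)) {
    if (!/^[a-z0-9-]+$/.test(name)) throw new Error(`invalid directive: ${name}`);
    const sources = raw.trim().split(/\s+/).filter(Boolean).map(normalizeSource);
    // 'none' only takes effect when it is the sole source in the list.
    if (sources.includes("'none'") && sources.length > 1)
      throw new Error(`${name}: 'none' cannot be combined with other sources`);
    if (META_IGNORED.has(name))
      warnings.push(`${name} is ignored when the policy is set via <meta>`);
    parts.push(sources.length ? `${name} ${sources.join(" ")}` : name);
  }
  const value = parts.length ? parts.join("; ") + ";" : "";
  return { header: `Content-Security-Policy: ${value}`, value, warnings };
}

// Constructed sample input, matching the example on this page.
const sample = buildCsp({ "default-src": "self", "script-src": "'self'" });
console.log(sample.header);
```

Use the returned `value` as the `content` attribute when delivering the policy through a meta tag, and check `warnings` first.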