CSP Generator
Generate Content Security Policy headers visually.
Free online tool. No signup required. All processing runs in your browser.
Click a preset to add it. Or type custom sources (space-separated).
(set directives above)
About this tool
Use a visual builder to define directives like script-src and style-src, then copy the generated CSP header.
What is CSP Generator?
Content Security Policy (CSP) is a security header that controls which resources (scripts, styles, images) a browser is allowed to load.
How to use CSP Generator
- Configure directives (script-src, style-src, etc.).
- Add allowed sources like 'self' or domains.
- Copy the generated header.
Examples
Example input
default-src 'self'; script-src 'self'
Example output
Content-Security-Policy: default-src 'self'; script-src 'self';
FAQ
Where do I apply CSP?
As an HTTP response header or via a meta tag.
What is report-uri?
It sends violation reports to a specified endpoint.
Are these tools free?
Yes. All tools on DevToolsHub are free to use.
Does the tool store my data?
No. Processing happens in your browser. We do not store or send your input to any server.
Can I use the output in production?
Yes. Use the result as you like; we do not claim any rights over the output.