📡

CSP Header Generator

Build Content Security Policy headers interactively.

Content-Security-Policy

default-src 'self'; script-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' data: https:

default-srcFallback for other directives

script-srcJavaScript sources

style-srcStylesheet sources

img-srcImage sources

font-srcFont sources

connect-srcAJAX, WebSocket, etc.

frame-srciframe sources

media-srcAudio/video sources

object-srcPlugin sources

base-uriBase element restriction

form-actionForm submission targets