CSP Generator

Build Content Security Policy headers to protect your website from XSS and data injection attacks.

Quick Presets

Directives

Generated CSP

HTTP Header:

Content-Security-Policy: default-src 'self'

Meta Tag:

<meta http-equiv="Content-Security-Policy" content="default-src 'self'">

Add Custom Source

CSP Directive Reference

default-src: Fallback for other directives
script-src: Valid sources for JavaScript
style-src: Valid sources for stylesheets
img-src: Valid sources for images
connect-src: Valid sources for fetch, XHR, WebSocket
font-src: Valid sources for fonts
frame-src: Valid sources for frames
object-src: Valid sources for plugins
base-uri: Valid sources for <base> element
form-action: Valid targets for form submissions