🧱 CSP Generator
Build a Content-Security-Policy header interactively. Toggle directives on/off, specify allowed sources, then copy the finished header or meta tag directly into your application.
Content-Security-Policy header value:
default-src 'self';
What is Content-Security-Policy?
CSP is an HTTP response header that tells browsers which resources are allowed to load on your page. It is one of the most effective defenses against Cross-Site Scripting (XSS) attacks.
Add it to your server response headers: Content-Security-Policy: <policy>
Or use a <meta http-equiv> tag in your HTML head (note: this cannot set some directives like frame-ancestors).
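The header and meta-tag outputs described above can be produced from one set of toggled directives. The following is an added example, not this generator's own code: the function names and the sample directive set are assumptions, and cdn.example.com is a constructed placeholder. The meta variant drops frame-ancestors, report-uri and sandbox, which browsers ignore when the policy arrives in a meta tag.

```javascript
// Added example: hypothetical helpers, not the generator's own code.
// Directives browsers ignore when the policy is delivered via <meta http-equiv>.
const META_UNSUPPORTED = new Set(['frame-ancestors', 'report-uri', 'sandbox']);
const KEYWORDS = new Set(['self', 'none', 'unsafe-inline', 'unsafe-eval',
  'strict-dynamic', 'unsafe-hashes', 'report-sample', 'wasm-unsafe-eval']);

// Quote bare keywords (self -> 'self') and reject characters that would let a
// source value start a new directive, a second policy, or escape the attribute.
function normalizeSource(src) {
  const s = String(src).trim();
  if (s === '' || /[;,\s"<>]/.test(s)) {
    throw new Error(`invalid source: ${JSON.stringify(src)}`);
  }
  const bare = s.replace(/^'|'$/g, '');
  return KEYWORDS.has(bare) ? `'${bare}'` : s;
}

// directives: { name: { enabled: boolean, sources: string[] } }
function buildPolicy(directives, { forMeta = false } = {}) {
  const parts = [];
  const dropped = [];
  for (const [name, { enabled, sources }] of Object.entries(directives)) {
    if (!enabled) continue; // toggled off in the UI
    if (!/^[a-z-]+$/.test(name)) throw new Error(`invalid directive: ${name}`);
    if (forMeta && META_UNSUPPORTED.has(name)) { dropped.push(name); continue; }
    parts.push([name, ...sources.map(normalizeSource)].join(' '));
  }
  return { policy: parts.join('; '), dropped };
}

function toHeader(directives) {
  return `Content-Security-Policy: ${buildPolicy(directives).policy}`;
}

// Returns the tag plus the directives that had to be left out of it.
function toMetaTag(directives) {
  const { policy, dropped } = buildPolicy(directives, { forMeta: true });
  return { tag: `<meta http-equiv="Content-Security-Policy" content="${policy}">`, dropped };
}

// Constructed sample input.
const sample = {
  'default-src': { enabled: true, sources: ['self'] },
  'script-src': { enabled: true, sources: ['self', 'https://cdn.example.com'] },
  'img-src': { enabled: false, sources: ['*'] },
  'frame-ancestors': { enabled: true, sources: ['none'] },
};
```

Any directive listed in `dropped` still has to be sent as a response header if it is needed.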