What is Content Security Policy?

A security feature that allows websites to specify what resources can be loaded in a web page.

How do I use CSP Generator?

Input trusted resource origins, then the tool will generate appropriate CSP headers for your application.

Yes, but ensure all inputs are correct as incorrect settings may lead to security vulnerabilities.

What alternatives exist?

Manual header creation or using other web security tools that offer similar functionality.

Does it protect privacy?

Yes, the tool operates entirely in your browser with no data sent or stored.

Content Security Policy Generator

Generate Content-Security-Policy headers to protect against XSS and injection attacks

Default Source

Script Sources

Style Sources

Image Sources

Font Sources

Connect Sources (API, WebSocket)

Frame Sources

Upgrade Insecure Requests

Block Mixed Content

Result

HTTP Header

Content-Security-Policy: default-src 'self'; upgrade-insecure-requests; block-all-mixed-content

Meta Tag

<meta http-equiv="Content-Security-Policy" content="default-src 'self'; upgrade-insecure-requests; block-all-mixed-content">

Raw Policy

default-src 'self'; upgrade-insecure-requests; block-all-mixed-content

Security NotesNo security warnings

Related Tools

CORS Header Generator

Generate CORS headers

Subresource Integrity Hash Generator

Generate SRI hashes

Secure Headers Checker

Check your security headers

About This Tool

The Content Security Policy (CSP) Generator helps developers create robust security policies to prevent cross-site scripting and other code injection attacks. It is particularly useful for web developers looking to secure their applications against modern threats.

Users provide details about the origins of trusted scripts, images, and other resources, and the tool generates a CSP header that can be included in server responses. The output includes directives such as 'script-src', 'img-src', etc., tailored to user inputs.

Ideal for web developers who want to enhance their application's security without compromising functionality or performance. This browser-based utility ensures privacy by processing data locally, requiring no sign-up and sending no information.