CSP Generator
Generate Content Security Policy headers for web applications
Quick Start Presets
Choose a security level to get started quickly
CSP Directives
Configure individual directives to control resource loading
default-src
Fallback for other directives
1 source configured
'self'
Generated CSP
Copy the appropriate format for your server configuration
HTTP Header
Add this header to your server response
Content-Security-Policy: default-src 'self'

CSP Best Practices
Implementation
- Start with Report-Only mode to test
- Use nonces or hashes for inline scripts
- Avoid 'unsafe-inline' and 'unsafe-eval'
- Be specific with source allowlists
Security
- Regularly review and update policies
- Monitor violation reports
- Use HTTPS for all resources
- Test thoroughly before enforcement