CSP Generator - Create Content Security Policy Online

Create Content Security Policy header

Directives

Fallback for other directives
Source for JavaScript
Source for CSS
Source for images
Source for fonts
Source for fetch, XHR, WebSocket
Source for audio/video
Source for iframe
Source for object, embed
Limit URLs to <base>
Limit URLs for form submissions
Who can embed this page?

Generated CSP

default-src 'self'; script-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' data: https:
Content-Security-Policy: default-src 'self'; script-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' data: https:
<meta http-equiv="Content-Security-Policy" content="default-src 'self'; script-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' data: https:">

CSP Generator - Create Free Content Security Policy Header Online

A visual tool for generating Content Security Policy (CSP) headers. Protect your website from XSS, clickjacking, and data injection attacks. It offers 12 popular directives and preset sources, lets you add custom domains, exports the policy as an HTTP header or meta tag, and helps improve your security score.

Outstanding features

12 popular directives: default-src, script-src, style-src...
Preset sources: data:, https:...
Add custom domains for each directive
Toggle on/off each directive easily
Export as HTTP header or meta tag
Explain the meaning of each directive
Copy CSP with one click
Intuitive, easy-to-use interface

What is Content Security Policy and why is it important?

Content Security Policy (CSP) is the most important security HTTP header for websites. CSP controls which resources (scripts, styles, images, fonts...) are allowed to load, effectively preventing XSS (Cross-Site Scripting), clickjacking, and data injection attacks. According to OWASP, XSS is one of the most common vulnerabilities. A proper CSP can prevent most XSS attacks even when the code has errors.

Benefits when used

  • Effectively prevent XSS attacks
  • Protection against clickjacking
  • Strictly control the resources loaded
  • Improved security score (Mozilla Observatory, SecurityHeaders.com)
  • Comply with security best practices

How to create CSP header

  1. Click on the directive to enable (e.g. script-src)
  2. Select allowed sources by clicking the buttons
  3. Add custom domains if needed (e.g. https://cdn.example.com)
  4. See the CSP generated in real time
  5. Copy the HTTP header or meta tag
  6. Add it to your server config or HTML
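Before pasting the exported policy into a server config or a meta tag, it helps to check what it actually enforces. The following is an added example, not code from this tool: it parses a policy, resolves each fetch directive's fallback to default-src, and flags directives that browsers ignore when the policy is delivered in a meta tag. The function names are hypothetical, and the directive names are assumed to be the standard ones behind the 12 descriptions listed above.

```javascript
// Added example (not the generator's code). Directive names are assumed to be the
// standard CSP names behind the 12 descriptions the tool lists.
const FETCH = ['script-src', 'style-src', 'img-src', 'font-src', 'connect-src',
  'media-src', 'frame-src', 'object-src'];   // fall back to default-src when absent
// (frame-src also consults child-src first; omitted because the tool does not list it)
const NO_FALLBACK = ['base-uri', 'form-action', 'frame-ancestors']; // never fall back
const IGNORED_IN_META = ['frame-ancestors', 'report-uri', 'sandbox'];

// Split a policy string into a Map of directive name -> source list.
function parseCsp(policy) {
  const directives = new Map();
  for (const part of policy.split(';')) {
    const [name, ...sources] = part.trim().split(/\s+/);
    if (!name) continue;                         // empty segment, e.g. trailing ';'
    const key = name.toLowerCase();              // directive names are case-insensitive
    if (!directives.has(key)) directives.set(key, sources); // first occurrence wins
  }
  return directives;
}

// delivery is 'header' or 'meta'. Returns the effective source list for each fetch
// directive (null = unrestricted) plus a list of findings to review.
function auditCsp(policy, delivery = 'header') {
  const csp = parseCsp(policy);
  const effective = {};
  const findings = [];
  for (const d of FETCH) {
    effective[d] = csp.get(d) ?? csp.get('default-src') ?? null;
    if (effective[d] === null) findings.push(`${d}: unrestricted, no default-src to fall back to`);
  }
  for (const d of ['script-src', 'style-src']) {
    if (effective[d]?.includes("'unsafe-inline'")) findings.push(`${d}: 'unsafe-inline' permits inline code`);
  }
  for (const d of NO_FALLBACK) {
    if (!csp.has(d)) findings.push(`${d}: not set, and default-src does not cover it`);
  }
  if (delivery === 'meta') {
    for (const d of IGNORED_IN_META) {
      if (csp.has(d)) findings.push(`${d}: ignored in a <meta> policy, send it as an HTTP header`);
    }
  }
  return { effective, findings };
}

// The policy shown in the "Generated CSP" box on this page.
const PAGE_POLICY = "default-src 'self'; script-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' data: https:";
console.log(auditCsp(PAGE_POLICY).findings);
```

For the policy shown on this page, the audit reports the inline-style allowance and the three directives that default-src does not cover, which is why the clickjacking restriction has to be enabled explicitly and sent as an HTTP header.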

Cooperate immediately with Mavis Digital

We not only design websites, but also help businesses build strong digital brands. Providing comprehensive website design services from design to SEO optimization. Please contact Mavis Digital immediately to create breakthrough, effective and sustainable technology solutions for your business in Ho Chi Minh.
