CSP Header Generator

Generate Content-Security-Policy headers with visual builder. Configure directives, sources, and policies. Test and validate CSP rules. Free, no signup.

Generate Content Security Policy (CSP) headers to protect your website from XSS, clickjacking, and other code injection attacks. Configure directives and get code for headers, meta tags, Nginx, or Apache.

Quick Presets

default-srcFallback for other resource types

script-srcJavaScript sources

style-srcCSS/stylesheet sources

img-srcImage sources

font-srcWeb font sources

connect-srcFetch, XHR, WebSocket sources

media-srcAudio/video sources

frame-srciframe sources

object-srcPlugin sources (Flash, etc.)

base-uriAllowed base tag URLs

form-actionForm submission targets

frame-ancestorsWho can embed this page

Output Format

Content-Security-Policy: default-src 'self'; script-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; font-src 'self'; connect-src 'self'; media-src 'self'; frame-src 'self'; object-src 'none'; base-uri 'self'; form-action 'self'; frame-ancestors 'self'