CSP Header Generator

// Generate Content Security Policy headers

'self' 'none' 'unsafe-inline' 'unsafe-eval' data: blob: https: *
Content-Security-Policy: default-src 'self'
<meta http-equiv="Content-Security-Policy" content="default-src 'self'">

#About CSP Header Generator

Free online CSP header generator. Build Content-Security-Policy headers with a visual editor for web security. This tool runs entirely in your browser — your data is never sent to a server. Just paste your input, get instant results, and copy with one click. No sign-up or installation required.

#FAQ

What is a Content Security Policy (CSP) header?
A CSP header is an HTTP response header that tells browsers which sources of content (scripts, styles, images, etc.) are allowed to load on your page. It is one of the most effective defenses against cross-site scripting (XSS) and data injection attacks.

How do I test a CSP header without breaking my site?
Use the Content-Security-Policy-Report-Only header first, which logs violations to a reporting endpoint without actually blocking anything. Once you have reviewed the reports and fixed any issues, switch to the enforcing Content-Security-Policy header.
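
The Report-Only rollout described above, as an added example that is not this tool's own code: one directive map is rendered first as an observing header and then as the enforcing header, with the source keywords quoted and values that could inject extra directives rejected. The names `buildCsp`, `toMetaTag` and the `/csp-reports` endpoint are hypothetical.

```javascript
// Added example; buildCsp, toMetaTag and /csp-reports are hypothetical names.
const KEYWORDS = new Set(["self", "none", "unsafe-inline", "unsafe-eval"]);
const UNSAFE = /[\s;,"]/; // would end the source, the directive, the policy or the attribute

// Keywords must be single-quoted; unquoted, self is parsed as a host name.
function normaliseSource(src) {
  const bare = src.replace(/^'|'$/g, "");
  if (KEYWORDS.has(bare)) return `'${bare}'`;
  if (src === "" || UNSAFE.test(src)) throw new Error(`invalid source: ${JSON.stringify(src)}`);
  return src;
}

function buildCsp(directives, { reportOnly = false, reportUri } = {}) {
  const parts = [];
  for (const [name, sources] of Object.entries(directives)) {
    if (!/^[a-z-]+$/.test(name)) throw new Error(`invalid directive: ${name}`);
    const list = sources.map(normaliseSource);
    if (list.includes("'none'") && list.length > 1)
      throw new Error(`${name}: 'none' cannot be combined with other sources`);
    parts.push(`${name} ${list.join(" ")}`);
  }
  if (reportUri !== undefined) {
    if (reportUri === "" || UNSAFE.test(reportUri)) throw new Error("invalid report URI");
    parts.push(`report-uri ${reportUri}`);
  }
  return {
    name: reportOnly ? "Content-Security-Policy-Report-Only" : "Content-Security-Policy",
    value: parts.join("; "),
  };
}

// <meta> delivery only works for the enforcing header; browsers ignore Report-Only there.
function toMetaTag({ name, value }) {
  if (name !== "Content-Security-Policy")
    throw new Error("Report-Only must be sent as an HTTP response header");
  return `<meta http-equiv="${name}" content="${value}">`;
}

// Constructed policy: stage 1 observes, stage 2 enforces the same directives.
const policy = { "default-src": ["self"], "img-src": ["self", "data:"], "object-src": ["none"] };
const trial = buildCsp(policy, { reportOnly: true, reportUri: "/csp-reports" });
const enforced = buildCsp(policy);
console.log(`${trial.name}: ${trial.value}`);
console.log(`${enforced.name}: ${enforced.value}`);
console.log(toMetaTag(enforced));
```

Building both headers from the same map keeps the enforced policy identical to the one whose violation reports were reviewed.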