CSP Header Generator
Build a Content-Security-Policy header interactively by filling in each directive.
Directives
Fill in at least one directive to generate the header.
About CSP Header Generator
The Content-Security-Policy HTTP response header helps prevent cross-site scripting (XSS) and other injection attacks by specifying which sources the browser should allow for each resource type. Use 'self' to allow only your own origin, 'none' to block everything, or list specific URLs. Always test your CSP in report-only mode first using Content-Security-Policy-Report-Only.
Private & free — this tool runs entirely in your browser.
Recommended: IndieKit — Ship your Next.js startup in days.affiliate
Related Developer Utilities tools
RegExp Tester
Test regular expressions and inspect matches locally.
Regex Visualizer
Visual regex pattern diagram with live match highlighting and capture group annotations.
Subnet Calculator
Compute CIDR subnets, usable hosts, and network ranges.
Cron Parser
Translate cron syntax into plain English.
URL Parser
Break a URL into protocol, host, path, and query parts.
HTML Previewer
Paste HTML and see it rendered live in a safe, sandboxed preview.
HTTP Status Code Reference
Search and look up every HTTP status code and its meaning.
MIME Type Lookup
Find the MIME type for a file extension, or the extensions for a MIME type.