CSP Header Generator
Build Content-Security-Policy headers securely and easily
Directives
+ Add Directive
default-src
script-src
style-src
img-src
connect-src
font-src
object-src
media-src
frame-src
frame-ancestors
base-uri
form-action
worker-src
manifest-src
prefetch-src
report-uri
report-to
Add
Cancel
Generated CSP
Copy Header
Content-Security-Policy:
Report-Only Mode
Copy as <meta> Tag
Security Tools
Hash Generator
SHA-256
SHA-384
SHA-512
Generate Hash
Nonce Generator
Generate Random Nonce
Security Warnings
No issues detected. Your CSP looks solid.
✕
'self'
'none'
'unsafe-inline'
'unsafe-eval'
+ Hash/Nonce