CSP Generator

Build Content Security Policy headers visually. Toggle directives, select sources, and copy the complete header string. 100% client-side.

CSP Header
default-src 'self'
HTML Meta Tag
<meta http-equiv="Content-Security-Policy" content="default-src 'self'" />
default-src: Fallback for other directives
script-src: JavaScript sources
style-src: CSS stylesheet sources
img-src: Image sources
font-src: Font file sources
connect-src: Fetch, XHR, WebSocket
media-src: Audio and video
object-src: Plugins (Flash, etc.)
frame-src: Iframe sources
worker-src: Web Workers
manifest-src: Web manifest
base-uri: Restrict base element
form-action: Form submission targets
frame-ancestors: Who can embed this page
upgrade-insecure-requests: Upgrade HTTP to HTTPS
block-all-mixed-content: Block mixed HTTP/HTTPS
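
One way to assemble the header string and the meta tag from the toggled directives, as an added JavaScript example that is not this generator's own code. The function names, `samplePolicy` and `cdn.example.com` are assumptions made for illustration; the meta variant omits `frame-ancestors`, `report-uri` and `sandbox` because browsers ignore those directives when the policy arrives in a `<meta>` element.

```javascript
// Added example: all names here are hypothetical, not the generator's code.
const VALUELESS = new Set(["upgrade-insecure-requests", "block-all-mixed-content"]);
// Directives that browsers ignore when the policy is delivered via <meta>.
const META_IGNORED = new Set(["frame-ancestors", "report-uri", "sandbox"]);
const KEYWORDS = new Set(["self", "none", "unsafe-inline", "unsafe-eval", "strict-dynamic"]);
const NONCE_OR_HASH = /^(nonce|sha256|sha384|sha512)-[A-Za-z0-9+\/_=-]+$/;

// Quote keywords, nonces and hashes; reject anything that could break out of
// the source list (whitespace, ';' starts a new directive, ',' a new policy).
function normalizeSource(src) {
  const bare = src.replace(/^'(.*)'$/, "$1");
  if (KEYWORDS.has(bare) || NONCE_OR_HASH.test(bare)) return `'${bare}'`;
  if (/[\s;,'"]/.test(src)) throw new Error(`invalid source expression: ${src}`);
  return src;
}

function buildCsp(policy, { forMeta = false } = {}) {
  const parts = [];
  for (const [name, sources] of Object.entries(policy)) {
    if (!/^[a-z-]+$/.test(name)) throw new Error(`invalid directive: ${name}`);
    if (forMeta && META_IGNORED.has(name)) continue;
    if (VALUELESS.has(name)) { if (sources) parts.push(name); continue; }
    if (!Array.isArray(sources) || sources.length === 0) continue;
    const list = sources.map(normalizeSource);
    if (list.includes("'none'") && list.length > 1)
      throw new Error(`'none' cannot be combined with other sources in ${name}`);
    parts.push(`${name} ${list.join(" ")}`);
  }
  return parts.join("; ");
}

function buildMetaTag(policy) {
  const content = buildCsp(policy, { forMeta: true })
    .replace(/&/g, "&amp;").replace(/"/g, "&quot;");
  return `<meta http-equiv="Content-Security-Policy" content="${content}" />`;
}

// Constructed sample policy.
const samplePolicy = {
  "default-src": ["self"],
  "script-src": ["self", "https://cdn.example.com"],
  "object-src": ["none"],
  "frame-ancestors": ["none"],
  "upgrade-insecure-requests": true,
};
console.log(buildCsp(samplePolicy));
console.log(buildMetaTag(samplePolicy));
```

A policy that relies on `frame-ancestors` has to be sent as an HTTP response header, since the meta tag output cannot carry it.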