UT UsefulToolkit

Home About Contact Blog

Home About Contact Blog

Home / Security & Privacy / Content Security Policy Generator

Content Security Policy Generator

Build CSP headers to protect your website against XSS and code injection attacks.

Build a Content Security Policy header to protect your site against XSS, clickjacking, and other code injection attacks.

Presets:

default-srcFallback for other directives

script-srcJavaScript sources

style-srcCSS sources

img-srcImage sources

font-srcFont sources

connect-srcAJAX, WebSocket, fetch sources

media-srcAudio/video sources

object-srcPlugin sources (Flash, etc.)

frame-srciframe sources

frame-ancestorsWho can embed this page

base-uriRestrict base element URLs

form-actionForm submission targets

upgrade-insecure-requestsUpgrade HTTP to HTTPS

block-all-mixed-contentBlock HTTP on HTTPS pages

HTTP Header

Content-Security-Policy: default-src 'self'; script-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; object-src 'none'; base-uri 'self'

Meta Tag

<meta http-equiv="Content-Security-Policy" content="default-src 'self'; script-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; object-src 'none'; base-uri 'self'">

UsefulToolkit — Free online tools that run entirely in your browser. No data is sent to any server.