Content Security Policy Builder
Point-and-click builder for the Content-Security-Policy HTTP header. Enable directives (default-src, script-src, style-src, img-src, etc.), add source values ('self', 'unsafe-inline', CDN origins), and get the complete header value. Shows a risk assessment for each choice.
Common Use Cases
- Build a CSP for a new web application
- Audit existing CSP policy strength
- Debug CSP violations by building the policy
- Migrate from report-only to enforced CSP
Frequently Asked Questions
What is 'unsafe-inline' and why should I avoid it?
'unsafe-inline' allows inline <script> and <style> tags, negating most of CSP's XSS protection. Instead, use nonces (a random token per request on allowed inline scripts) or hashes of specific inline scripts.
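The nonce and hash approach described above, as an added example that is not code from this tool: it builds a policy with a per-response nonce and a SHA-256 hash source, then checks inline scripts against it. The function names, the sample scripts, and the simplified matching model are assumptions made for illustration.

```python
import base64
import hashlib
import secrets


def make_nonce():
    # 128 random bits; generate a new value for every HTTP response.
    return base64.b64encode(secrets.token_bytes(16)).decode("ascii")


def script_hash(body):
    # Hash source for the exact text between <script> and </script>.
    digest = hashlib.sha256(body.encode("utf-8")).digest()
    return "'sha256-" + base64.b64encode(digest).decode("ascii") + "'"


def build_csp(nonce, hashed_scripts):
    script_src = ["'self'", f"'nonce-{nonce}'"]
    script_src += [script_hash(s) for s in hashed_scripts]
    directives = {"default-src": ["'self'"], "script-src": script_src}
    return "; ".join(f"{k} {' '.join(v)}" for k, v in directives.items())


def inline_script_allowed(csp, nonce_attr, body):
    # Simplified model (an assumption of this example) of how a browser
    # matches an inline <script>; ignores 'strict-dynamic' and fallbacks,
    # and only computes sha256 hashes.
    sources = []
    for directive in csp.split(";"):
        parts = directive.split()
        if parts and parts[0] == "script-src":
            sources = parts[1:]
    if nonce_attr and f"'nonce-{nonce_attr}'" in sources:
        return True
    if script_hash(body) in sources:
        return True
    # 'unsafe-inline' is ignored once a nonce or hash source is present.
    strict = [s for s in sources if s.startswith(("'nonce-", "'sha"))]
    return "'unsafe-inline'" in sources and not strict


# Constructed sample scripts for the demonstration.
STATIC_JS = "document.documentElement.classList.add('js');"
INJECTED_JS = "alert(1)"

if __name__ == "__main__":
    nonce = make_nonce()
    csp = build_csp(nonce, [STATIC_JS])
    print("Content-Security-Policy:", csp)
    print(inline_script_allowed(csp, nonce, "init();"))   # carries the nonce
    print(inline_script_allowed(csp, None, STATIC_JS))    # matches the hash
    print(inline_script_allowed(csp, None, INJECTED_JS))  # neither
```

The hash only matches if the served script text is byte-for-byte identical to what was hashed, including whitespace.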
Related Tools
- Robots.txt Generator: Build a robots.txt file with a UI. Set rules per bot, allow/disallow paths, set sitemap URL.
- HTTP Status Codes: Complete reference for all HTTP status codes with descriptions, use cases, and RFC links.
- URL Parser & Builder: Parse any URL into its components and rebuild it. Edit parts individually.
Tool Info
- Category: security
- AI Enhancement: No
- Data Storage: Zero retention