ToolSpark

CSP Header Generator

Build Content Security Policy headers interactively

default-src - Fallback for other directives
script-src - Valid sources for JavaScript
style-src - Valid sources for stylesheets
img-src - Valid sources for images
font-src - Valid sources for fonts
connect-src - Valid targets for fetch, XHR, WebSocket
media-src - Valid sources for audio and video
object-src - Valid sources for plugins (object, embed)
frame-src - Valid sources for iframes
worker-src - Valid sources for workers
form-action - Valid targets for form submissions
frame-ancestors - Valid parents that can embed this page
base-uri - Restrict base element URLs
HTTP Header
Content-Security-Policy: default-src 'self'; script-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' data:
Meta Tag
<meta http-equiv="Content-Security-Policy" content="default-src 'self'; script-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' data:">
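
Added example (not ToolSpark's own code): a small builder that produces both output forms from a directive map and reports which directive actually governs a given resource type. It assumes the CSP Level 3 rules that form-action, frame-ancestors and base-uri do not fall back to default-src and that frame-ancestors is ignored in a meta tag; all function and constant names are illustrative.

```javascript
// Added example; the constant and function names are illustrative.
// Directives from the list above that never inherit from default-src.
const NO_FALLBACK = new Set(["form-action", "frame-ancestors", "base-uri"]);
// Directives browsers ignore when the policy arrives in a <meta> tag.
const META_IGNORED = new Set(["frame-ancestors", "report-uri", "sandbox"]);

// Fallback order for the listed directives (child-src is not in the list above).
function fallbackChain(directive) {
  if (NO_FALLBACK.has(directive)) return [];
  if (directive === "worker-src") return ["child-src", "script-src", "default-src"];
  if (directive === "frame-src") return ["child-src", "default-src"];
  return ["default-src"];
}

// Source list that governs a directive, or null when nothing restricts it.
function effectiveSources(policy, directive) {
  for (const name of [directive, ...fallbackChain(directive)]) {
    if (policy[name]) return policy[name];
  }
  return null;
}

function serialize(policy, skip = new Set()) {
  return Object.entries(policy)
    .filter(([name]) => !skip.has(name))
    .map(([name, sources]) => [name, ...sources].join(" "))
    .join("; ");
}
function buildCsp(policy) {
  for (const [name, sources] of Object.entries(policy)) {
    if (!/^[a-z-]+$/.test(name)) throw new Error(`bad directive name: ${name}`);
    for (const s of sources) {
      // ';' or ',' would start a new directive or policy; '"' would end the meta attribute.
      if (/[;,\s"]/.test(s)) throw new Error(`bad source in ${name}: ${s}`);
    }
  }
  return {
    header: "Content-Security-Policy: " + serialize(policy),
    meta: `<meta http-equiv="Content-Security-Policy" content="${serialize(policy, META_IGNORED)}">`,
    droppedFromMeta: Object.keys(policy).filter((n) => META_IGNORED.has(n)),
  };
}

// Constructed input: the sample policy shown above plus frame-ancestors.
const sample = {
  "default-src": ["'self'"], "script-src": ["'self'"],
  "style-src": ["'self'", "'unsafe-inline'"], "img-src": ["'self'", "data:"],
  "frame-ancestors": ["'none'"],
};
console.log(buildCsp(sample), effectiveSources(sample, "form-action"));
```

With the sample policy, form-action resolves to null: setting default-src alone leaves form targets unrestricted, so form-action, frame-ancestors and base-uri have to be set explicitly, and frame-ancestors only takes effect in the HTTP header form.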