
CSP Header Generator

Build Content Security Policy headers


About CSP Header Generator

Build Content-Security-Policy headers with an interactive form. Generates HTTP header, meta tag, Nginx, and Apache configurations.

How It Works

Combines your directive values into a valid CSP header string. Outputs ready-to-use configurations for HTTP headers, HTML meta tags, Nginx add_header, and Apache Header directives.
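The combining step described above, as an added example (not this tool's own code): the function names, the validation rules and the sample input are assumptions. It quotes keywords, rejects characters that would break out of the header or config string, and leaves out of the meta tag the directives browsers ignore there.

```javascript
// Added example, not the generator's own code; names and validation rules are assumptions.
const KEYWORDS = new Set(['self', 'none', 'unsafe-inline', 'unsafe-eval', 'strict-dynamic']);
// Directives browsers ignore when the policy is delivered in a <meta> element.
const META_IGNORED = new Set(['frame-ancestors', 'report-uri', 'sandbox']);

function normalizeSource(src) {
  if (KEYWORDS.has(src)) return `'${src}'`;            // bare keyword: add the required quotes
  if (/^'[A-Za-z0-9+\/=_-]+'$/.test(src)) return src;  // already-quoted keyword, nonce or hash
  // Reject characters that could end the directive, the header, or the quoted config value.
  if (/[\s;,"'\\$]/.test(src)) throw new Error(`invalid source: ${src}`);
  return src;                                          // host or scheme, e.g. cdn.jsdelivr.net
}

function buildPolicy(directives, skip = new Set()) {
  const parts = [];
  for (const [name, values] of Object.entries(directives)) {
    if (!/^[a-z-]+$/.test(name)) throw new Error(`invalid directive: ${name}`);
    if (skip.has(name)) continue;
    const sources = values.map(normalizeSource);
    // Browsers ignore 'none' when other sources are listed, so treat the mix as a mistake.
    if (sources.includes("'none'") && sources.length > 1)
      throw new Error(`'none' must be the only source in ${name}`);
    parts.push([name, ...sources].join(' '));
  }
  return parts.join('; ');
}

function generate(directives, { reportOnly = false } = {}) {
  const header = reportOnly ? 'Content-Security-Policy-Report-Only' : 'Content-Security-Policy';
  const policy = buildPolicy(directives);
  return {
    http: `${header}: ${policy}`,
    // Report-Only is not supported in <meta>, so there is no meta output in that mode.
    meta: reportOnly ? null
      : `<meta http-equiv="Content-Security-Policy" content="${buildPolicy(directives, META_IGNORED)}">`,
    nginx: `add_header ${header} "${policy}" always;`,
    apache: `Header always set ${header} "${policy}"`,
  };
}

// Constructed sample input.
const sample = { 'default-src': ['self'], 'script-src': ['self', 'cdn.jsdelivr.net'],
                 'object-src': ['none'], 'frame-ancestors': ['none'] };
console.log(generate(sample));
```

Calling `generate(sample, { reportOnly: true })` yields the Report-Only header name in the HTTP, Nginx and Apache outputs.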

Step by Step

  1. Set source values for each CSP directive
  2. Use 'self' for same-origin, specific domains, or 'none' to block
  3. Click Generate to build the CSP header
  4. Copy the configuration for your server type
  5. Test the policy with browser DevTools

Tips

  • Start with a restrictive policy and loosen as needed
  • Use 'self' as a baseline for most directives
  • Add CDN domains explicitly (e.g., cdn.jsdelivr.net)
  • Test with Content-Security-Policy-Report-Only first

Frequently Asked Questions

What is Content Security Policy?
CSP is an HTTP response header that tells browsers which resources (scripts, styles, images, etc.) are allowed to load. It helps prevent XSS and data injection attacks.
Will CSP break my site?
It can if the policy is too restrictive. Start with Report-Only mode to log violations without blocking, then adjust directives before enforcing.