
CSP Builder

Visually construct a Content Security Policy header. Toggle directives, pick source values, and add custom origins. The policy string updates in real time.

Content-Security-Policy
default-src 'self'; script-src 'self'

As HTTP header:

Content-Security-Policy: default-src 'self'; script-src 'self'

Always test your CSP in report-only mode first using Content-Security-Policy-Report-Only before enforcing it in production. A strict CSP can block legitimate resources.
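What such a builder does can be sketched in a few lines. This is an added example, not this tool's own code: it serializes a directive map into the policy string shown above and emits the report-only header unless enforcement is requested. The function names and the keyword list are assumptions made for illustration.

```javascript
// Added example: serialize a directive map into a CSP header, report-only by default.
// Keywords that must be single-quoted; an unquoted `self` is parsed as a host name.
const KEYWORDS = new Set(["self", "none", "unsafe-inline", "unsafe-eval", "strict-dynamic"]);

// Quote bare keywords, pass origins and schemes through, and reject characters
// that would terminate the directive (;) or the header value (, or whitespace).
function normalizeSource(src) {
  const s = String(src).trim();
  if (s === "" || /[;,\s]/.test(s)) {
    throw new Error(`invalid CSP source: ${JSON.stringify(src)}`);
  }
  const bare = s.replace(/^'(.*)'$/, "$1");
  return KEYWORDS.has(bare) ? `'${bare}'` : s;
}

// directives: { "default-src": ["self"], ... } -> "default-src 'self'; ..."
function buildPolicy(directives) {
  return Object.entries(directives)
    .map(([name, sources]) => {
      if (!/^[a-z][a-z0-9-]*$/.test(name)) {
        throw new Error(`invalid directive name: ${name}`);
      }
      const list = [...new Set(sources.map(normalizeSource))];
      if (list.length > 1 && list.includes("'none'")) {
        throw new Error(`'none' cannot be combined with other sources in ${name}`);
      }
      return [name, ...list].join(" ");
    })
    .join("; ");
}

// enforce=false yields the Report-Only header, which reports violations
// without blocking anything; switch to enforce=true once reports are clean.
function buildHeader(directives, { enforce = false } = {}) {
  const name = enforce
    ? "Content-Security-Policy"
    : "Content-Security-Policy-Report-Only";
  return { name, value: buildPolicy(directives) };
}
```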