CSP Header Builder

Build Content-Security-Policy headers visually with presets, per-directive toggles, and custom domain inputs.

All processing happens in your browser

Presets

default-srcFallback for all fetch directives

script-srcValid sources for JavaScript

style-srcValid sources for stylesheets

img-srcValid sources for images

font-srcValid sources for fonts

connect-srcValid targets for fetch/XHR/WebSocket

frame-srcValid sources for nested browsing contexts

media-srcValid sources for audio/video

object-srcValid sources for plugins (object/embed)

Enable report-uri

CSP Header

default-src 'self'

Usage in HTTP header:

Content-Security-Policy: default-src 'self'

Uploadless·2026

About·Transparency·No tracking. No uploads. No cookies.