Content Security Policy (CSP) Builder

CSP headers are powerful but fiddly to write correctly. This builder lets you toggle each directive (script-src, style-src, img-src, etc.), pick allowed sources ("self", inline, eval, specific domains), and outputs a copy-paste-ready Content-Security-Policy header.

How to use the Content Security Policy (CSP) Builder

Use a preset for a quick start, then tweak. Each directive has a source list; common values are buttons (self, unsafe-inline, data:, https:), and you can add custom domains.