GeekFormat

CSP Builder

Policy Templates

Choosing a template first is more efficient: start from one, then fine-tune the directives to match your business needs.

Directive Editor

Edit directives line by line. The editor supports adding and deleting directives and quick source insertion.

Output Result

Content-Security-Policy
HTTP Header
Content-Security-Policy: default-src 'self'; script-src 'self' https:; style-src 'self' 'unsafe-inline' https:; img-src 'self' data: https:; connect-src 'self' https:; frame-ancestors 'self'
HTML Meta
<meta http-equiv="Content-Security-Policy" content="default-src 'self'; script-src 'self' https:; style-src 'self' 'unsafe-inline' https:; img-src 'self' data: https:; connect-src 'self' https:; frame-ancestors 'self'">

Risk Warning

Contains 'unsafe-inline', which reduces XSS protection.
Recommend explicitly setting object-src 'none'.
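
The two warnings above can be reproduced with a small policy checker. This is an added example, not GeekFormat's code; `parseCsp`, `lintCsp` and the finding strings are hypothetical names. It goes one step further than the warnings shown and also flags directives that browsers ignore when a policy is delivered through `<meta>`, which applies to the `frame-ancestors` entry in the HTML Meta output.

```javascript
// Added example: minimal CSP linter (illustrative, not the tool's own logic).
function parseCsp(policy) {
  const directives = new Map();
  for (const part of policy.split(';')) {
    const tokens = part.trim().split(/\s+/).filter(Boolean);
    if (tokens.length === 0) continue;
    const name = tokens[0].toLowerCase();
    // Per CSP Level 3, a repeated directive is ignored: the first one wins.
    if (!directives.has(name)) directives.set(name, tokens.slice(1));
  }
  return directives;
}

// Directives that are not supported in <meta http-equiv> delivery.
const META_IGNORED = ['frame-ancestors', 'report-uri', 'sandbox'];

function lintCsp(policy, { viaMeta = false } = {}) {
  const d = parseCsp(policy);
  const findings = [];
  // Warning 1: 'unsafe-inline' in any directive.
  for (const [name, sources] of d) {
    if (sources.some((s) => s.toLowerCase() === "'unsafe-inline'")) {
      findings.push(`${name}: contains 'unsafe-inline'`);
    }
  }
  // Warning 2: object-src falls back to default-src when absent;
  // flag unless the effective source list is exactly 'none'.
  const obj = d.get('object-src') ?? d.get('default-src') ?? [];
  if (!(obj.length === 1 && obj[0].toLowerCase() === "'none'")) {
    findings.push("object-src: not restricted to 'none'");
  }
  // Extra check: directives silently dropped in the <meta> form.
  if (viaMeta) {
    for (const name of META_IGNORED) {
      if (d.has(name)) findings.push(`${name}: ignored in <meta> delivery`);
    }
  }
  return findings;
}

// The policy from the "Output Result" section of this page.
const PAGE_POLICY = "default-src 'self'; script-src 'self' https:; " +
  "style-src 'self' 'unsafe-inline' https:; img-src 'self' data: https:; " +
  "connect-src 'self' https:; frame-ancestors 'self'";

console.log(lintCsp(PAGE_POLICY, { viaMeta: true }));
```

To get the `frame-ancestors` restriction enforced, send the policy as the HTTP header rather than relying on the meta tag alone.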