CSP Generator

Generate Content Security Policy headers. Build CSP rules with our visual editor.

Start with a Preset

Configure Directives

Additional Options

upgrade-insecure-requestsblock-all-mixed-content

Security Warnings

•'unsafe-inline' in script-src significantly reduces XSS protection
•'unsafe-inline' in style-src allows inline styles
•Consider adding frame-ancestors to prevent clickjacking

Generated CSP

default-src 'self'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src 'self' data: https:; font-src 'self' https://fonts.gstatic.com; connect-src 'self'; object-src 'none'; upgrade-insecure-requests

Related Tools

View all Security tools →

robots.txt Generator

Block AI crawlers with robots.txt rules

.htaccess Generator

Block crawlers at server level

Security Headers Checker

Check security headers and get a grade

SSL Certificate Checker

Verify SSL validity and expiry