CSP Header Generator
Visually build a Content-Security-Policy HTTP header. Enable directives like script-src, style-src, and img-src with checkboxes. Copy the generated header string.
- 100% free
- No signup
- Runs in your browser
- default-src: Fallback for all resource types
- script-src: JavaScript sources
- style-src: CSS sources
- img-src: Image sources
- font-src: Font sources
- connect-src: AJAX, WebSocket sources
- media-src: Audio and video sources
- object-src: Plugin sources (Flash, etc.)
- frame-src: iframe sources
- worker-src: Web Worker sources
- form-action: Form submission targets
- upgrade-insecure-requests: Upgrade HTTP to HTTPS

Content-Security-Policy: default-src 'self'; script-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' data:

How to Use CSP Header Generator
1. Enable directives: Check the directives you want to include, such as default-src, script-src, and style-src.
2. Set source values: Enter allowed sources for each directive, such as 'self', https:, or specific domains.
3. Copy the header: Copy the generated Content-Security-Policy header string for your web server configuration.
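The three steps above, as an added JavaScript example that is not the tool's own code: it builds the header value from enabled directives, quotes keyword sources, rejects input that would break out of a directive, and flags weak script sources. The function names (`normalizeSource`, `buildCsp`, `reviewCsp`) and the keyword list are assumptions made for illustration.

```javascript
// Added example: build a Content-Security-Policy value from enabled directives.
// Directive names are the ones listed on this page; function names are hypothetical.
const DIRECTIVES = new Set(["default-src", "script-src", "style-src", "img-src",
  "font-src", "connect-src", "media-src", "object-src", "frame-src", "worker-src",
  "form-action", "upgrade-insecure-requests"]);
const NO_VALUE = new Set(["upgrade-insecure-requests"]);
// Keyword sources must be single-quoted; an unquoted `self` is read as a host name.
const KEYWORDS = new Set(["self", "none", "unsafe-inline", "unsafe-eval", "strict-dynamic"]);
const NONCE_OR_HASH = /^'(nonce|sha(256|384|512))-[A-Za-z0-9+\/_=-]+'$/;

function normalizeSource(src) {
  const s = String(src).trim();
  const bare = s.replace(/^'(.*)'$/, "$1");
  if (KEYWORDS.has(bare)) return `'${bare}'`;
  if (NONCE_OR_HASH.test(s)) return s;
  // Reject anything that could end the directive or start a new one.
  if (s === "" || /[\s;,'"]/.test(s)) throw new Error(`invalid source: ${JSON.stringify(src)}`);
  return s;
}

function buildCsp(policy) {
  const parts = [];
  for (const [name, sources] of Object.entries(policy)) {
    if (!DIRECTIVES.has(name)) throw new Error(`unknown directive: ${name}`);
    if (NO_VALUE.has(name)) { parts.push(name); continue; }
    const list = [...new Set(sources.map(normalizeSource))];
    if (list.length === 0) throw new Error(`${name} has no sources`);
    if (list.includes("'none'") && list.length > 1)
      throw new Error(`${name}: 'none' cannot be combined with other sources`);
    parts.push(`${name} ${list.join(" ")}`);
  }
  return parts.join("; ");
}

// Flag script sources that weaken XSS protection (script-src falls back to default-src).
function reviewCsp(policy) {
  const warnings = [];
  const scripts = (policy["script-src"] || policy["default-src"] || []).map(normalizeSource);
  for (const weak of ["'unsafe-inline'", "'unsafe-eval'", "*", "data:", "http:", "https:"])
    if (scripts.includes(weak)) warnings.push(`script-src contains ${weak}`);
  if (!("object-src" in policy) && !("default-src" in policy))
    warnings.push("object-src is not restricted");
  return warnings;
}

// The policy shown in the generator output on this page.
const pagePolicy = { "default-src": ["self"], "script-src": ["self"],
  "style-src": ["self", "unsafe-inline"], "img-src": ["self", "data:"] };
console.log("Content-Security-Policy: " + buildCsp(pagePolicy));
```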
Frequently Asked Questions
What is a Content Security Policy?
Should I start with strict-dynamic?
About CSP Header Generator
The CSP Header Generator on Utilko provides a visual builder for Content-Security-Policy headers — one of the most effective HTTP security measures to prevent cross-site scripting attacks.