CSP Policy Builder

Build a Content Security Policy without hand-writing every directive. Choose a preset, tune allowed sources, enable report-only mode, and instantly generate a header string, meta tag, Nginx snippet, and JavaScript server config.

Security headers Meta tag output Report-only mode Deployment snippets 100% client-side

Policy setup

Start with a preset, then adjust directives and sources. The policy preview updates live as you change settings.

Project label

Policy mode

Report URI / endpoint

Presets

Extra directives

upgrade-insecure-requests block-all-mixed-content

Lockdown helpers

base-uri 'self' frame-ancestors 'none'

Directives enabled0

Custom sources0

Risk levelLow

Header length0 chars

Your policy currently looks fairly tight.

Tip: if you need inline scripts, prefer nonces or hashes in production. This builder intentionally flags 'unsafe-inline', 'unsafe-eval', *, and broad data/blob allowances so the tradeoffs stay visible.

Generated output

Switch views and copy exactly what you need for deployment or testing.

Pick a preset or edit directives to generate your CSP outputs.