Content Security Policy (CSP) Generator
Use this interactive tool to generate a proper CSP header for your website, to protect your users' privacy.
A Content-Security-Policy is an HTTP header that adds an extra layer of security to a website. It is used to protect users from cross-site scripting (XSS) and data injection attacks. To learn more about CSP, please read our explanation of the CSP header.
To generate your CSP, please select from the options below and click the "Add" button for each directive that you want to include in your CSP.
To simplify this tool and make it easy to use, some seldom-used and advanced features have been omitted. If you need these advanced features, you probably already know about them. You can read about them on the MDN Docs for CSP.
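What adding directives one at a time amounts to, shown as an added example (not this tool's own code): each selection is validated, keywords are single-quoted, repeated directives are merged, and the result is serialized into one header value. The function names, the directive subset and the sample hosts are assumptions made for illustration.

```javascript
// Added example. Function names are hypothetical; this is not the generator's own code.
const KNOWN_DIRECTIVES = new Set([ // a common subset, not the full CSP directive list
  "default-src", "script-src", "style-src", "img-src", "font-src", "connect-src",
  "media-src", "object-src", "frame-src", "base-uri", "form-action", "frame-ancestors",
]);
const KEYWORDS = new Set(["self", "none", "unsafe-inline", "unsafe-eval", "strict-dynamic"]);

// Normalize one source expression. Keywords must be single-quoted in the header,
// and a value containing ';', ',' or whitespace would smuggle in extra directives.
function normalizeSource(raw) {
  const bare = String(raw).trim().replace(/^'(.*)'$/, "$1");
  if (bare === "" || /[\s;,'"]/.test(bare)) {
    throw new Error(`invalid source expression: ${JSON.stringify(raw)}`);
  }
  const lower = bare.toLowerCase();
  if (KEYWORDS.has(lower)) return `'${lower}'`;
  if (/^(nonce|sha(256|384|512))-[A-Za-z0-9+/_=-]+$/.test(bare)) return `'${bare}'`;
  return bare; // host, scheme ("https:") or URL source, passed through unchanged
}

// Add sources to a directive. Repeats are merged because browsers honour only the
// first occurrence of a directive name within one policy.
function addDirective(policy, name, sources) {
  const key = name.trim().toLowerCase();
  if (!KNOWN_DIRECTIVES.has(key)) throw new Error(`unknown directive: ${name}`);
  const merged = new Set(policy.get(key) ?? []); // copy, so a failure leaves policy intact
  for (const s of sources) merged.add(normalizeSource(s));
  if (merged.has("'none'") && merged.size > 1) {
    throw new Error(`${key}: 'none' cannot be combined with other sources`);
  }
  policy.set(key, merged);
  return policy;
}

// Serialize to the header value: "directive src src; directive src".
function serialize(policy) {
  return [...policy].map(([name, srcs]) => [name, ...srcs].join(" ")).join("; ");
}

// Constructed sample selections (hosts are placeholders).
const samplePolicy = new Map();
addDirective(samplePolicy, "default-src", ["self"]);
addDirective(samplePolicy, "img-src", ["'self'", "https://cdn.example.com"]);
addDirective(samplePolicy, "img-src", ["data:"]);
addDirective(samplePolicy, "object-src", ["none"]);
console.log("Content-Security-Policy: " + serialize(samplePolicy));
```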
Test Your Website
Once you have made changes to your CSP header, type your domain name into the box below and run a free ValidBot Test to check if everything is correct. Look in the "Server" section of the report to see if you made all the changes correctly.
If you have implemented a strong Content Security Policy, your users will be protected from certain types of attacks. Obviously this is good for users, but it is also good for the reputation and liability of the website.