SnappTools

CSP Header Generator

Visually build Content-Security-Policy headers. Use presets or configure each directive.

  • default-src: Fallback for other directives
  • script-src: Valid sources for JavaScript
  • style-src: Valid sources for stylesheets
  • img-src: Valid sources for images
  • font-src: Valid sources for fonts
  • connect-src: Valid targets for fetch, XHR, WebSocket
  • media-src: Valid sources for audio and video
  • object-src: Valid sources for plugins (object, embed)
  • frame-src: Valid sources for iframes
  • child-src: Valid sources for web workers and frames
  • worker-src: Valid sources for Worker, SharedWorker
  • form-action: Valid targets for form submissions
  • frame-ancestors: Valid parents that may embed this page
  • base-uri: Valid URLs for the base element
  • manifest-src: Valid sources for web app manifests

About CSP Header Generator

CSP Header Generator builds Content-Security-Policy headers visually. Configure each CSP directive — default-src, script-src, style-src, img-src, connect-src, and more — using a form interface, and get the complete CSP header value ready to add to your server response.

Content Security Policy is a browser security feature that mitigates cross-site scripting (XSS) and other code injection attacks by letting the browser load content only from sources the policy explicitly approves. Writing a correct CSP manually requires understanding many directives and the source expression syntax; this tool makes it approachable.

Includes presets for common use cases: strict CSP, inline script allowed, and CDN-friendly configurations.
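The serialization step such a generator performs can be shown in a few lines of JavaScript. This is an added example, not the tool's own code; the function names `buildCsp` and `auditCsp` and the host `cdn.example` are assumptions made for illustration.

```javascript
// Added example; not the tool's own code. Hosts below are constructed.
const KEYWORDS = new Set(["self", "none", "unsafe-inline", "unsafe-eval", "strict-dynamic"]);

// Keywords, nonces and hashes are single-quoted in the header; hosts and schemes are not.
function formatSource(src) {
  const bare = src.replace(/^'(.*)'$/, "$1");
  if (KEYWORDS.has(bare) || /^(nonce|sha256|sha384|sha512)-/.test(bare)) return `'${bare}'`;
  // Reject separators so a configured value cannot append extra directives.
  if (/[\s;,']/.test(src)) throw new Error(`invalid source expression: ${src}`);
  return src;
}

// Serialize { directive: [sources] } into a header value.
function buildCsp(directives) {
  return Object.entries(directives).map(([name, sources]) => {
    if (!/^[a-z-]+$/.test(name)) throw new Error(`invalid directive name: ${name}`);
    const formatted = sources.map(formatSource);
    if (formatted.includes("'none'") && formatted.length > 1)
      throw new Error(`${name}: 'none' cannot be combined with other sources`);
    return [name, ...formatted].join(" ");
  }).join("; ");
}

// Report script-related settings that weaken the policy.
function auditCsp(directives) {
  const scripts = (directives["script-src"] || directives["default-src"] || []).map(formatSource);
  const findings = [];
  const hasNonceOrHash = scripts.some((s) => /^'(nonce|sha\d+)-/.test(s));
  if (scripts.includes("'unsafe-inline'") && !hasNonceOrHash)
    findings.push("script-src allows 'unsafe-inline'");
  if (scripts.includes("'unsafe-eval'")) findings.push("script-src allows 'unsafe-eval'");
  if (scripts.includes("*")) findings.push("script-src allows any host");
  return findings;
}

// Constructed policies: a strict one and a CDN-friendly one that permits inline scripts.
const strict = {
  "default-src": ["self"], "script-src": ["self"], "object-src": ["none"],
  "base-uri": ["self"], "frame-ancestors": ["none"],
};
const cdnInline = {
  "default-src": ["self"],
  "script-src": ["self", "unsafe-inline", "https://cdn.example"],
};
console.log("Content-Security-Policy: " + buildCsp(strict));
console.log(buildCsp(cdnInline), auditCsp(cdnInline));
```

The audit treats `'unsafe-inline'` as a finding only when no nonce or hash is present, because browsers that support nonces and hashes ignore `'unsafe-inline'` when one is set.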

Features

  • Visual configuration of all CSP directives
  • Common source expression keywords ('self', 'none', 'unsafe-inline'), which must be single-quoted in the header value
  • Presets for strict and relaxed CSP configurations
  • Complete header value output
  • report-uri and report-to directive support

Common Use Cases

  • Implementing Content-Security-Policy for web security
  • Learning CSP directives without memorizing syntax
  • Building CSP for sites using specific CDN resources
  • Tightening security policy for a production website