Content Security Policy (CSP) Header Generator

Scan your website and generate a CSP header automatically. A well-configured Content Security Policy helps protect your visitors from cross-site scripting and data injection attacks.

Important: The generated policy is a starting point based on the resources detected during the scan. You should expect to make adjustments and thoroughly test your site after applying the header. Incorrect CSP rules can block legitimate content from loading.

Generate Your Policy

Enter your website address below. We'll scan the page and identify the external resources it loads.


Generated CSP Header

Detected Resources

Scripts: script-src
Stylesheets: style-src
Images: img-src
Fonts: font-src
Frames: frame-src
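A minimal version of the scan described above, as an added example (not the generator's own code): it parses markup, groups resource origins under the directives listed here, and emits a header value. The names `RULES`, `ResourceScanner` and `build_csp`, the `default-src 'self'` baseline and the `.example` hosts are assumptions made for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# tag -> (CSP directive, URL attribute). font-src is omitted: font URLs sit in
# CSS @font-face rules, which this HTML-only example does not parse.
RULES = {"script": ("script-src", "src"), "link": ("style-src", "href"),
         "img": ("img-src", "src"), "iframe": ("frame-src", "src")}
# Constructed sample markup (hypothetical hosts, not a real site).
SAMPLE_HTML = """<link rel="stylesheet" href="https://fonts.example/site.css">
<link rel="icon" href="https://icons.example/favicon.ico">
<script src="/js/app.js"></script>
<script src="//cdn.example/lib.js"></script>
<img src="data:image/png;base64,AAAA">
<iframe src="https://video.example/embed/1"></iframe>"""


class ResourceScanner(HTMLParser):
    """Collects, per directive, the origin of each resource the markup loads."""

    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.sources = {directive: set() for directive, _ in RULES.values()}

    def handle_starttag(self, tag, attrs):
        if tag not in RULES:
            return
        directive, attr = RULES[tag]
        a = dict(attrs)
        if tag == "link" and "stylesheet" not in (a.get("rel") or "").lower().split():
            return  # e.g. rel="icon"; this example only maps stylesheet links
        if a.get(attr):
            self._add(directive, a[attr])

    def _add(self, directive, url):
        page = urlsplit(self.page_url)
        target = urlsplit(urljoin(self.page_url, url))  # resolves /path and //host
        if target.scheme == "data":
            self.sources[directive].add("data:")
        elif (target.scheme, target.netloc) == (page.scheme, page.netloc):
            self.sources[directive].add("'self'")
        elif target.scheme in ("http", "https"):
            self.sources[directive].add(f"{target.scheme}://{target.netloc}")


def build_csp(page_url, html):
    """Returns a header value listing only the origins seen in the markup."""
    scanner = ResourceScanner(page_url)
    scanner.feed(html)
    parts = ["default-src 'self'"] + [
        f"{d} {' '.join(sorted(s))}" for d, s in scanner.sources.items() if s]
    return "; ".join(parts)
```

A static parse like this cannot see inline scripts and styles or resources that scripts fetch at runtime, so a policy built this way can still block legitimate content until it has been tested against the live site.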

Why Use a CSP?

A Content Security Policy is a critical HTTP header that helps prevent cross-site scripting (XSS), clickjacking, and other code injection attacks by controlling which resources the browser is allowed to load.

Learn About Security Headers

Understanding the full range of security headers — including CSP, HSTS, and X-Frame-Options — is essential for hardening your website.

Read our Security Headers guide