FreeDev Tools

CSP Header Generator

Generate a Content Security Policy header for your web application.

Fallback for all fetch directives

Valid JavaScript sources

Valid CSS sources

Valid image sources

Valid XHR/fetch targets

Valid font sources

Valid iframe sources

Valid plugin sources

Frequently Asked Questions

CSP is an HTTP header that tells browsers which sources of content are allowed. It prevents XSS attacks by blocking unauthorized scripts, styles, and other resources.