Content Security Policy Generator

CSP Header

Default Source

Serves as a fallback for other CSP fetch directives

Script Source

Specifies valid sources for JavaScript

Style Source

Specifies valid sources for stylesheets

Image Source

Specifies valid sources of images and favicons

Connect Source

Restricts the URLs which can be loaded using script interfaces

Font Source

Specifies valid sources for fonts loaded using @font-face

Object Source

Specifies valid sources for the <object>, <embed>, and <applet> elements

Media Source

Specifies valid sources for loading media using the <audio> and <video> elements

Frame Source

Specifies valid sources for nested browsing contexts loading using elements such as <frame> and <iframe>

Sandbox

Enables a sandbox for the requested resource similar to the <iframe> sandbox attribute

Report URI

Instructs the user agent to report attempts to violate the Content Security Policy

Report To

Specifies the destination for reporting content security policy violations