CSP Header Generator
Build Content-Security-Policy headers visually.
default-src: Fallback for other directives
script-src: JavaScript sources
style-src: CSS sources
img-src: Image sources
font-src: Font sources
connect-src: XHR, WebSocket, fetch
media-src: Audio/video sources
object-src: Plugins (Flash, etc.)
frame-src: iframe sources
base-uri: Base element URLs
form-action: Form submission URLs
frame-ancestors: Who can embed this page
Content-Security-Policy: default-src 'self'; script-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; object-src 'none'
<meta http-equiv="Content-Security-Policy" content="default-src 'self'; script-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; object-src 'none'">