CSP Builder

Compose Content Security Policy directives locally and inspect the resulting header.

Parse Existing Header

Directives

0 active
default-src
script-src
style-src
img-src
font-src
connect-src
media-src
object-src
frame-src
child-src
worker-src
manifest-src
base-uri
form-action
frame-ancestors
navigate-to
report-uri
report-to
upgrade-insecure-requests inactive

This directive is emitted without any values.

block-all-mixed-content inactive

This directive is emitted without any values.

Step by step

How to use CSP Builder

  1. 1

    Choose Content Security Policy directives and add the sources required by the application.

  2. 2

    Assemble the policy while reviewing the generated header value.

  3. 3

    Copy the policy into a report-only rollout or server configuration for testing.

Capabilities

What this tool handles

  • Directive-by-directive header assembly
  • Useful for rollout planning and audits
  • No backend needed for policy drafting

Common uses for CSP Builder

  • Draft a baseline CSP before enabling enforcement on a web application.
  • Review third-party script, image, font, frame, and connection origins by directive.

What to check before using the result

A generated policy must be tested against the real site, ideally in report-only mode first; an incorrect policy can break required application behavior.

Privacy and accuracy

Questions about CSP Builder

Does this tool upload my input?

The conversion or analysis runs in your browser. The application does not intentionally send the value you enter to a processing API. Standard hosting infrastructure can still receive request metadata when the page loads; see the privacy page for details.

Can I rely on the output without checking it?

Use the result as a focused development aid and verify it in the system where it will be used. Test representative edge cases and confirm the destination uses the same format, standard, and assumptions described on this page.

Related Tools