Compose Content Security Policy directives locally and inspect the resulting header.
Step by step
How to use CSP Builder
1
Choose Content Security Policy directives and add the sources required by the application.
2
Assemble the policy while reviewing the generated header value.
3
Copy the policy into a report-only rollout or server configuration for testing.
Capabilities
What this tool handles
Directive-by-directive header assembly
Useful for rollout planning and audits
No backend needed for policy drafting
Common uses for CSP Builder
Draft a baseline CSP before enabling enforcement on a web application.
Review third-party script, image, font, frame, and connection origins by directive.
What to check before using the result
A generated policy must be tested against the real site, ideally in report-only mode first; an incorrect policy can break required application behavior.
Privacy and accuracy
Questions about CSP Builder
Does this tool upload my input?
The conversion or analysis runs in your browser. The application does not intentionally
send the value you enter to a processing API. Standard hosting infrastructure can still
receive request metadata when the page loads; see the privacy page for details.
Can I rely on the output without checking it?
Use the result as a focused development aid and verify it in the system where it will be
used. Test representative edge cases and confirm the destination uses the same format,
standard, and assumptions described on this page.