CSP Builder

Build and analyze Content-Security-Policy headers visually.

Generated Header 
default-src 'self'
Add to your server: Content-Security-Policy: default-src 'self'
Fallback for all resource types
'self'
JavaScript sources
CSS stylesheet sources
Image sources
Font file sources
XHR, fetch, WebSocket origins
Audio and video sources
Plugin sources (Flash, Java)
iframe sources
Who can embed this page
Restrict <base> element URLs
Form submission targets
Web Worker sources
App manifest sources
SvelteShip Skip the boilerplate. Auth, Stripe, dashboards — a complete SvelteKit SaaS starter.
From $49 →

Related Tools

H> HTTP Header Analyzer

Analyze HTTP headers for security issues, caching behavior, and CORS configuration with fix snippets.

IP IP / CIDR Calculator

Calculate subnets, host ranges, and masks for IPv4 CIDR notation with visual binary breakdown.

TS JSON to TypeScript

Generate TypeScript interfaces from JSON data. Handles nested objects, arrays, nullable fields.

From the makers of JSON Knife

SvelteUI Pro
45+ Svelte 5 components. Copy-paste into your project. From $49.
SvelteShip
Launch your SaaS faster. Auth, Stripe, dashboards — pre-built in SvelteKit. From $49.
MetaScrape API
Extract OG tags, metadata, and JSON-LD from any URL. Free tier included.
AccessiDrop
Accessibility monitoring for agencies. Free scanner. From $15/mo.
QuoteSnap
Professional quotes for tradespeople. Create, send, track. Free to start.

Get the JSON & API Cheat Sheet

Formatting tricks, jq commands, and common patterns — one page, zero fluff.