CSP Builder

Build and analyze Content-Security-Policy headers visually.

Generated Header

default-src 'self'

Add to your server: Content-Security-Policy: default-src 'self'

upgrade-insecure-requests block-all-mixed-content

default-src Fallback for all resource types

'self'

script-src JavaScript sources

style-src CSS stylesheet sources

img-src Image sources

font-src Font file sources

connect-src XHR, fetch, WebSocket origins

media-src Audio and video sources

object-src Plugin sources (Flash, Java)

frame-src iframe sources

frame-ancestors Who can embed this page

base-uri Restrict <base> element URLs

form-action Form submission targets

worker-src Web Worker sources

manifest-src App manifest sources

Analyze HTTP headers for security issues, caching behavior, and CORS configuration with fix snippets.

Calculate subnets, host ranges, and masks for IPv4 CIDR notation with visual binary breakdown.

Generate TypeScript interfaces from JSON data. Handles nested objects, arrays, nullable fields.