Question 1

What is a Content Security Policy?

Accepted Answer

A CSP is like a guest list for your website. It tells the browser which domains are allowed to load scripts, styles, images, and other resources. Anyone not on the list gets blocked — including attackers trying to inject malicious code (XSS).

Question 2

Why do I need a CSP?

Accepted Answer

Without a CSP, any script can run on your page — including ones injected by attackers. A CSP prevents cross-site scripting (XSS), clickjacking, and data exfiltration. Major browsers enforce it automatically.

Question 3

How does this tool work?

Accepted Answer

We crawl your website and analyze every resource it loads — scripts, styles, fonts, images, API calls. From this we generate a complete CSP that allows exactly what your site needs and blocks everything else.

Question 4

Is it safe to deploy the generated CSP?

Accepted Answer

We recommend deploying as Content-Security-Policy-Report-Only first. This logs violations without blocking anything. Monitor for 1-2 weeks, adjust if needed, then switch to enforcing mode.

Generate a Content Security Policy

Deployment Guides

Frequently Asked Questions