Generate a Content Security Policy

Enter your URL. We crawl your site, detect all resources, and generate a ready-to-deploy CSP. No manual configuration needed.

Free quick scan • Full scan and report for $1.99 (~1.79 € · live rate)

Deployment Guides for Your Platform

$4.95 $1.99 incl. tax
Launch price — save 60%

Security Headers

What is a Content Security Policy?

TL;DR: A CSP tells browsers which resources your page may load. It prevents XSS, data theft, and clickjacking. Generate one automatically from your site's resources.

A Content Security Policy (CSP) is an HTTP header that tells the browser which resources are allowed to load on your page. It is one of the most effective defenses against cross-site scripting (XSS) attacks — the #1 web vulnerability according to OWASP.

How do I deploy a CSP safely?

Before enforcing a CSP, deploy it as Content-Security-Policy-Report-Only. The browser logs violations to the console without blocking anything. This lets you find and fix issues before they break your site.

Content-Security-Policy-Report-Only: default-src 'self'; script-src 'self' https://cdn.example.com

Monitor for 1-2 weeks. Once no unexpected violations remain, switch to the enforcing Content-Security-Policy header.
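The report-only rollout above, as an added example (not code from this page or its scanner): it builds the header from the policy shown and triages violation reports collected during the monitoring window. It assumes a `report-uri` directive pointing at a hypothetical `/csp-report` endpoint so browsers POST violations in addition to logging them; the function names and sample reports are constructed for illustration.

```python
import json
from collections import Counter
from urllib.parse import urlsplit

# The page's policy, plus a report-uri so browsers also POST violations (assumed endpoint).
POLICY = {
    "default-src": ["'self'"],
    "script-src": ["'self'", "https://cdn.example.com"],
    "report-uri": ["/csp-report"],
}

def build_header(policy, enforce=False):
    """Return (header name, value); report-only unless enforce=True."""
    name = "Content-Security-Policy" if enforce else "Content-Security-Policy-Report-Only"
    value = "; ".join(f"{d} {' '.join(srcs)}" for d, srcs in policy.items())
    return name, value

def summarize(raw_reports):
    """Count violations per (effective directive, blocked origin or keyword)."""
    counts = Counter()
    for raw in raw_reports:
        try:
            report = json.loads(raw)["csp-report"]
        except (ValueError, KeyError, TypeError):
            continue  # malformed body: the endpoint is unauthenticated, expect junk
        if not isinstance(report, dict):
            continue
        directive = report.get("effective-directive") or report.get("violated-directive", "")
        directive = directive.split()[0] if directive else "unknown"
        blocked = str(report.get("blocked-uri", ""))
        parts = urlsplit(blocked)
        # URLs collapse to their origin; keywords such as "inline" or "eval" stay as-is.
        origin = f"{parts.scheme}://{parts.netloc}" if parts.netloc else (blocked or "unknown")
        counts[(directive, origin)] += 1
    return counts

def ready_to_enforce(counts):
    """Switch headers only after a monitoring window with no violations."""
    return not counts

# Constructed sample reports in the legacy report-uri JSON shape.
SAMPLE_REPORTS = [
    '{"csp-report": {"effective-directive": "script-src", "blocked-uri": "https://widgets.example.net/w.js"}}',
    '{"csp-report": {"effective-directive": "script-src", "blocked-uri": "https://widgets.example.net/v2/w.js"}}',
    '{"csp-report": {"violated-directive": "script-src \'self\'", "blocked-uri": "inline"}}',
    'not json',
]
```

Each remaining entry in the summary is either a legitimate source to add to the matching directive or code to fix on the site (for example, moving an inline script into a file) before enforcing.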

Where can I learn more about CSP?

Frequently Asked Questions