Generate a Content Security Policy

Enter your URL. We crawl your site, detect all resources, and generate a ready-to-deploy CSP. No manual configuration needed.

Free quick scan • Full scan and report from $1.99 incl. VAT (1.74 € · live rate)

Analyzing your website... This may take up to 30 seconds.

Security Header Score

Your Generated CSP

Security Headers

What is a Content Security Policy?

TL;DR: A CSP tells browsers which resources your page may load. It prevents XSS, data theft, and clickjacking. Generate one automatically from your site's resources.

A Content Security Policy (CSP) is an HTTP header that tells the browser which resources are allowed to load on your page. It is one of the most effective defenses against cross-site scripting (XSS) attacks — the #1 web vulnerability according to OWASP.

How do I deploy a CSP safely?

Before enforcing a CSP, deploy it as Content-Security-Policy-Report-Only. The browser logs violations to the console without blocking anything. This lets you find and fix issues before they break your site.

Content-Security-Policy-Report-Only: default-src 'self'; script-src 'self' https://cdn.example.com

Monitor for 1-2 weeks. Once clean, switch to the enforcing Content-Security-Policy header.

Where can I learn more about CSP?

Frequently Asked Questions