DevToolBox免费
博客

CSP 头生成器 — 内容安全策略构建器

使用交互式编辑器构建 Content-Security-Policy 头,防御 XSS 攻击。

Presets
Directives
Keywords
Schemes
Custom Domains
Additional Directives
upgrade-insecure-requests
Instructs browsers to upgrade HTTP requests to HTTPS
block-all-mixed-content
Prevents loading any mixed content (HTTP on HTTPS pages)
# Configure directives above to generate your CSP header...

What is a CSP Generator?

A Content-Security-Policy generator helps you build CSP headers that protect your website from XSS, data injection, and other code injection attacks.

𝕏 Twitterin LinkedIn

评价此工具

4.8 / 5 · 75 人评价

更多工具

🏷️Meta 标签生成器.ht.htaccess 生成器NXNginx 配置生成器🤖Robots.txt 生成器

Recommended

VercelDeploy your frontend instantlyDigitalOceanCloud hosting from $4/mo

保持更新

获取每周开发技巧和新工具通知。

无垃圾邮件,随时退订。

Enjoy these free tools?

Buy Me a Coffee

How to Use

  1. Select a preset or start from scratch
  2. Configure each directive
  3. Add trusted sources
  4. Copy the CSP header

Use Cases

  • Preventing XSS attacks
  • Meeting security compliance
  • Configuring Content-Security-Policy
  • Testing CSP rules

FAQ

What directives are supported?
All standard CSP directives including default-src, script-src, style-src, img-src, and more.
Can I test my CSP?
Use report-uri directive for monitoring. This tool generates the header you need.