CSP Builder

Build secure Content Security Policy headers visually

Security Score

100

Strong security posture

Policy Mode

Log violations without blocking

Directives

default-src
1
script-src
1
style-src
1
img-src
2
font-src
1
connect-src
1
media-src
1
object-src
1
frame-src
1
frame-ancestors
1
base-uri
1
form-action
1
manifest-src
1
worker-src
1
prefetch-src
1

default-src

Default policy for all content types

'self'

Generated CSP

Content-Security-Policy: default-src 'self'

    Related tools

    AES Encryption

    Encrypt and decrypt text with AES-GCM and a passphrase, fully in your browser. Uses PBKDF2 key derivation and the Web Crypto API — your data and keys never leave your device.

    Basic Auth Generator

    Generate an HTTP Basic Authentication header from a username and password. Produces the Authorization header and ready-to-use curl and fetch snippets. Runs fully client-side.

    Bcrypt Generator & Verifier

    Hash passwords with bcrypt and verify hashes — choose your cost factor (rounds 4–15), get a secure hash instantly, and check whether a password matches a hash. Runs entirely in your browser.

    CORS Header Validator

    Validate Cross-Origin Resource Sharing headers for security compliance

    Email Validator

    Validate email addresses with RFC 5322 syntax checking, disposable/temporary email detection, and domain verification. Client-side only.

    Hash Comparison Tool

    Compare hash values and generate hashes from text for verification