Quick Presets

CSP Directives

default-src

Common Sources

'self'

'unsafe-inline'

'unsafe-eval'

'none'

Custom URLs

script-src

style-src

img-src

font-src

connect-src

media-src

object-src

frame-src

base-uri

form-action

frame-ancestors

report-uri

Generated CSP

HTTP Header

Content-Security-Policy: default-src 'self'

HTML Meta Tag

<meta http-equiv="Content-Security-Policy" content="default-src 'self'" />

Nginx Configuration

add_header Content-Security-Policy "default-src 'self'";

Apache Configuration

Header set Content-Security-Policy "default-src 'self'"

CSP Header Builder