CSP Policy Builder

Build a strong Content Security Policy to prevent XSS and data injection.

default-src: 'self'
script-src: 'self'
style-src: 'self' 'unsafe-inline'
img-src: 'self' data:
connect-src: 'self'
font-src: 'self'
object-src: 'none'
frame-ancestors: 'none'

Generated Policy

default-src 'self'; script-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; connect-src 'self'; font-src 'self'; object-src 'none'; frame-ancestors 'none';

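Send this as the Content-Security-Policy response header, or place it in a meta tag in your HTML head. Browsers ignore frame-ancestors in a meta tag, so that directive takes effect only when the policy is sent as a response header.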

Meta Tag Example:

<meta http-equiv="Content-Security-Policy" content="default-src 'self'; script-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; connect-src 'self'; font-src 'self'; object-src 'none'; frame-ancestors 'none';">
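
The same policy built and delivered from server code, as an added example that is not part of the builder tool itself. The names DIRECTIVES, HEADER_ONLY, buildPolicy, weakSources, applyCsp and metaTag are hypothetical; `res` is assumed to be any response object with a setHeader method, such as Node's http.ServerResponse.

```javascript
// Directive map matching the policy generated on this page.
const DIRECTIVES = {
  'default-src': ["'self'"],
  'script-src': ["'self'"],
  'style-src': ["'self'", "'unsafe-inline'"],
  'img-src': ["'self'", 'data:'],
  'connect-src': ["'self'"],
  'font-src': ["'self'"],
  'object-src': ["'none'"],
  'frame-ancestors': ["'none'"],
};

// Directives that browsers ignore when the policy arrives in a <meta> element.
const HEADER_ONLY = new Set(['frame-ancestors', 'report-uri', 'sandbox']);

// Serialize the map. Empty tokens and tokens containing separators, whitespace
// or markup characters are rejected so a value cannot add directives or break
// out of the header or the meta content attribute.
function buildPolicy(directives, { forMeta = false } = {}) {
  const parts = [];
  for (const [name, sources] of Object.entries(directives)) {
    if (forMeta && HEADER_ONLY.has(name)) continue;
    for (const token of [name, ...sources]) {
      if (!/^[^;,\s"<>]+$/.test(token)) throw new Error(`invalid CSP token: ${token}`);
    }
    parts.push([name, ...sources].join(' '));
  }
  return parts.join('; ');
}

// List the sources that weaken the policy, for review before deployment.
function weakSources(directives) {
  const weak = new Set(["'unsafe-inline'", "'unsafe-eval'", '*']);
  const found = [];
  for (const [name, sources] of Object.entries(directives)) {
    for (const s of sources) if (weak.has(s)) found.push(`${name} ${s}`);
  }
  return found;
}

// Attach the full policy to a response (header delivery, all directives apply).
function applyCsp(res, directives = DIRECTIVES) {
  res.setHeader('Content-Security-Policy', buildPolicy(directives));
}

// Meta fallback for pages whose response headers cannot be changed.
function metaTag(directives = DIRECTIVES) {
  return `<meta http-equiv="Content-Security-Policy" content="${buildPolicy(directives, { forMeta: true })}">`;
}
```

Call applyCsp(res) in the request handler before the body is written; metaTag() omits frame-ancestors, so clickjacking protection still depends on the header.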