Build Content Security Policy headers from presets or config files. Test policies against live URLs and generate violation report configurations. Stop XSS before it starts.
Key features of CSP Builder
• Directive generator — covers all standard CSP directives (default-src, script-src, style-src, etc.)
• Preset policies — strict, moderate, and permissive presets for quick starts
• Policy tester — validate a URL's existing CSP headers and identify gaps
• Violation reporting — configure report-uri and report-to directives
• Nonce generation — create cryptographic nonces for inline scripts and styles
• Multiple output formats — HTTP header string or HTML `<meta>` tag
Configure CSP Builder parameters to see how the product works.
```bash
# Generate a strict CSP header
python src/csp_builder.py --preset strict

# Build from a config file
python src/csp_builder.py --config examples/csp_config.json --output csp_header.txt

# Test a live URL's CSP
python src/csp_builder.py --test --url https://example.com
```
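To make the nonce-generation and policy-tester features concrete, here is an added sketch (not code from the CSP Builder toolkit) that builds a nonce-based policy and audits a header string for common gaps. The function names, the directive set in `build_policy` and the `WEAK` sample header are assumptions made for illustration.

```python
import secrets

def make_nonce() -> str:
    # 128 bits from the OS CSPRNG; generate a fresh value for every response.
    return secrets.token_urlsafe(16)

def build_policy(nonce: str, report_uri: str) -> str:
    # Constructed strict policy (assumption: the toolkit's own preset may differ).
    directives = {
        "default-src": ["'self'"],
        "script-src": [f"'nonce-{nonce}'", "'strict-dynamic'"],
        "style-src": ["'self'", f"'nonce-{nonce}'"],
        "object-src": ["'none'"],
        "base-uri": ["'none'"],
        "report-uri": [report_uri],
    }
    return "; ".join(f"{name} {' '.join(srcs)}" for name, srcs in directives.items())

def parse_policy(header: str) -> dict:
    policy = {}
    for part in header.split(";"):
        tokens = part.split()
        # Browsers ignore a repeated directive, so the first occurrence wins.
        if tokens and tokens[0].lower() not in policy:
            policy[tokens[0].lower()] = [t.lower() for t in tokens[1:]]
    return policy

def find_gaps(header: str) -> list:
    policy, gaps = parse_policy(header), []
    scripts = policy.get("script-src", policy.get("default-src"))
    if scripts is None:
        gaps.append("no script-src or default-src: scripts are unrestricted")
    else:
        trusted = any(s.startswith(("'nonce-", "'sha256-", "'sha384-", "'sha512-")) for s in scripts)
        # 'unsafe-inline' is ignored by browsers once a nonce or hash is present.
        if "'unsafe-inline'" in scripts and not trusted:
            gaps.append("script-src allows 'unsafe-inline'")
        if "'unsafe-eval'" in scripts:
            gaps.append("script-src allows 'unsafe-eval'")
        if "'strict-dynamic'" not in scripts and any(s in ("*", "http:", "https:", "data:") for s in scripts):
            gaps.append("script-src allows a wildcard or scheme-wide source")
    if policy.get("object-src", policy.get("default-src")) != ["'none'"]:
        gaps.append("object-src is not 'none'")
    if "base-uri" not in policy:
        gaps.append("base-uri is missing (it does not fall back to default-src)")
    if "report-uri" not in policy and "report-to" not in policy:
        gaps.append("no violation reporting configured")
    return gaps

# Constructed sample header, not captured from a real site.
WEAK = "default-src *; script-src 'self' 'unsafe-inline' https:"
```

When a policy is delivered through an HTML `<meta>` tag instead of an HTTP header, browsers ignore `report-uri`, `frame-ancestors` and `sandbox`, so a policy that relies on those directives needs the header form.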