CSP Generator

Generate, Test, and Monitor Your Content Security Policy

Discover what your site loads, build an editable CSP candidate, test it in report-only mode, and monitor drift before deciding whether to enforce it.

Run the free CSP generator and scanner or learn how Content Security Policy works.

scan: chrome crawl: 3 free / 10 premium output: CSP header
Discover

Observe Browser Resources

Load selected public pages in Chrome and inspect the scripts, styles, images, fonts, frames, connections, and inline-code evidence observed during the scan.

Generate

Build and Review a CSP Candidate

Turn browser evidence into an editable policy, review broad or risky values, and optionally add SHA-256 sources for inline content observed on scanned pages.

Test

Move Through Report-Only First

Copy deployment-formatted headers, test representative application flows without blocking them, and review violation evidence before enforcement.

Monitor

Review CSP Drift Over Time

Verified-site monitors compare recurring scan evidence with an accepted baseline so new and removed sources remain visible during rollout and maintenance.