Content-Security-Policy editor

What is Content-Security-Policy header

Content-Security-Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross-Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft, to site defacement, to malware distribution. To enable CSP, you need to configure your web server to return the Content-Security-Policy HTTP header.

Content-Security-Policy editor

This tool helps you parse, edit, and generate a complex CSP policy easily. If you want to test the CSP policy, you can load the CSP policy below to your web server. You can also preview the change using ModHeader.

	Directive	Value
		'self'

Content-Security-Policy: default-src 'self'

References

W3C Content-Security-Policy (CSP) spec
MDN doc on Content-Security-Policy (CSP)