What is Content-Security-Policy header
Content-Security-Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross-Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft, to site defacement, to malware distribution. To enable CSP, you need to configure your web server to return the Content-Security-Policy HTTP header.
This tool helps you parse, edit, and generate a complex CSP policy easily. If you want to test the CSP policy, you can load the CSP policy below to your web server. You can also preview the change using ModHeader.