CSP

CSP Generator

Generate a Content Security Policy

🔒 100% client-side — your data never leaves this page

About this tool

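Quickly generate a Content Security Policy. The tool supports common directive combinations and outputs both the HTTP header form and the meta tag form at the same time. It is suited to site security hardening, XSS risk mitigation, pre-launch security checks and penetration testing, and it reduces configuration errors caused by typing policies by hand.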

Frequently Asked Questions

What is CSP used for?

CSP limits which sources can load scripts and other resources, reducing XSS and injection risks.

Should I use HTTP header or meta tag?

An HTTP header is preferred in production. A meta tag can help in static hosting scenarios.

Can CSP break existing pages?

Yes, if the sources are too strict. Start with a report-only strategy and tighten the rules gradually.
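
The header and meta tag outputs and the report-only rollout described above, as an added JavaScript example (not this tool's own code; the function names and the sample policy are hypothetical). It quotes keyword sources that are easy to mistype and drops the directives the CSP specification ignores in a `<meta>` policy (`frame-ancestors`, `report-uri`, `sandbox`); report-only mode exists only as a header.

```javascript
// Added example: names and sample policy are hypothetical, not the tool's own code.
const KEYWORDS = new Set(["self", "none", "unsafe-inline", "unsafe-eval", "strict-dynamic", "report-sample"]);
// Directives the CSP spec ignores when the policy is delivered via <meta>.
const HEADER_ONLY = new Set(["frame-ancestors", "report-uri", "sandbox"]);

// Keyword sources must be single-quoted; a bare `self` would be read as a host name.
function normalizeSource(src) {
  const bare = src.replace(/^'|'$/g, "").toLowerCase();
  return KEYWORDS.has(bare) ? `'${bare}'` : src;
}

// Serialize { directive: [sources] } into a policy string.
function serialize(directives) {
  return Object.entries(directives)
    .map(([name, sources]) => [name.toLowerCase(), ...sources.map(normalizeSource)].join(" "))
    .join("; ");
}

// Header form; reportOnly selects the monitoring-only header for a gradual rollout.
function toHeader(directives, { reportOnly = false } = {}) {
  const name = reportOnly ? "Content-Security-Policy-Report-Only" : "Content-Security-Policy";
  return `${name}: ${serialize(directives)}`;
}

// Meta form; returns the tag plus the directives that had to be left out.
function toMetaTag(directives) {
  const kept = {}, dropped = [];
  for (const [name, sources] of Object.entries(directives)) {
    if (HEADER_ONLY.has(name.toLowerCase())) dropped.push(name);
    else kept[name] = sources;
  }
  const content = serialize(kept).replace(/&/g, "&amp;").replace(/"/g, "&quot;");
  return { tag: `<meta http-equiv="Content-Security-Policy" content="${content}">`, dropped };
}

// Constructed sample policy.
const sample = {
  "default-src": ["self"],
  "script-src": ["self", "https://cdn.example.com"],
  "object-src": ["none"],
  "frame-ancestors": ["none"],
  "report-uri": ["/csp-report"],
};
console.log(toHeader(sample, { reportOnly: true }));
console.log(toMetaTag(sample));
```

A non-empty `dropped` list means the meta tag enforces less than the header would, so those directives still need to be sent as a header.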