
Content Security Policy (CSP) Guide for Developers

How to write Content Security Policy headers: directives, nonces, hashes, reporting, and common CSP mistakes.

Basic CSP

Content-Security-Policy: default-src 'self'; script-src 'self' 'nonce-abc123'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; connect-src 'self' https://api.example.com

Key Directives

  • default-src: Fallback for any fetch directive (script-src, img-src, etc.) that is not set explicitly
  • script-src: JavaScript sources
  • style-src: CSS sources
  • connect-src: API/fetch/WebSocket targets
  • frame-src: iframe sources
