CSP Builder: your first Content-Security-Policy header, without starting from zero
A free tool that lets you build a first version of your CSP header—report-only or enforcement-ready—so you don't have to guess directives or copy-paste from scratch. Coming soon.
What to expect
Build a CSP header in minutes, not hours
The CSP Builder will help you generate a valid Content-Security-Policy header tailored to your stack, so you can stop starting from zero and focus on tuning.
Start from a template, not a blank page
Choose report-only or enforcement, add your domains and scripts, and get a ready-to-use header you can drop into your app or CDN.
Safe defaults for modern frontends
Sensible directives for scripts, styles, and connections so your first CSP is strict enough to help without breaking analytics or checkout.
Copy, paste, then tune
Export the header and refine it as you learn what your production traffic needs. Use CSPify monitoring to see what would break before you enforce.
In the meantime: monitor first, then build
Use CSPify to see what scripts and sources your production site actually uses. That data will make the CSP Builder—and any hand-written header—much easier to get right.
Start free with CSPify