CSP Directives Configuration
default-src Fallback
Defines the fallback policy for fetching resources such as JavaScript, images, CSS, fonts, AJAX requests, etc. It applies to any resource type whose own directive below is not set.
script-src JavaScript
Defines valid sources of JavaScript.
style-src CSS
Defines valid sources of stylesheets or CSS.
img-src Images
Defines valid sources of images.
connect-src Connections
Defines valid targets for connections made through script interfaces (fetch, XHR, WebSocket, etc.).
font-src Fonts
Defines valid sources of fonts.
frame-src Frames
Defines valid sources for nested browsing contexts (iframes).
Generated CSP Policy
Your CSP policy will appear here after configuration.
Implementation Example
<meta http-equiv="Content-Security-Policy" content="[Your Policy Here]">
For HTTP headers: Content-Security-Policy: [Your Policy Here]
Report Configuration
Configure reporting of CSP violations (optional)
URI to which the user agent should report violations
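
Added example (not this tool's own code): one way to assemble the policy string from the directives above and emit it in both delivery forms. The function names buildCsp and toMetaTag and the example.com origins are hypothetical. The sketch rejects source values that could smuggle in an extra directive, and drops report-uri from the meta form because browsers ignore that directive in a meta element.

```javascript
// Added example: assemble a policy from the directives listed on this page.
// buildCsp, toMetaTag and the sample origins are hypothetical names/values.
const FETCH_DIRECTIVES = ['default-src', 'script-src', 'style-src', 'img-src',
  'connect-src', 'font-src', 'frame-src'];
// Keywords must be single-quoted in a policy; unquoted they are read as hostnames.
const KEYWORDS = ['self', 'none', 'unsafe-inline', 'unsafe-eval'];

function normalizeSource(src) {
  const s = String(src).trim();
  // ';' or ',' would end the directive or the policy and start one the caller never chose.
  if (s === '' || /[;,\s]/.test(s)) throw new Error(`invalid source: ${JSON.stringify(src)}`);
  const bare = s.replace(/^'|'$/g, '');
  return KEYWORDS.includes(bare) ? `'${bare}'` : s;
}

function buildCsp(config, reportUri) {
  const parts = [];
  for (const name of FETCH_DIRECTIVES) {
    const sources = (config[name] || []).map(normalizeSource);
    if (sources.length === 0) continue;            // unset: falls back to default-src
    if (sources.includes("'none'") && sources.length > 1)
      throw new Error(`${name}: 'none' cannot be combined with other sources`);
    parts.push(`${name} ${sources.join(' ')}`);
  }
  if (reportUri) parts.push(`report-uri ${normalizeSource(reportUri)}`);
  return parts.join('; ');
}

// A <meta> policy ignores report-uri, so strip it rather than ship a dead directive.
function toMetaTag(policy) {
  const kept = policy.split(';').map(d => d.trim())
    .filter(d => d && !d.startsWith('report-uri '));
  const content = kept.join('; ').replace(/&/g, '&amp;').replace(/"/g, '&quot;');
  return `<meta http-equiv="Content-Security-Policy" content="${content}">`;
}

// Constructed sample configuration.
const policy = buildCsp({
  'default-src': ['self'],
  'script-src': ['self', 'https://cdn.example.com'],
  'img-src': ['self', 'data:'],
  'frame-src': ['none'],
}, 'https://csp-reports.example.com/collect');
console.log(`Content-Security-Policy: ${policy}`);
console.log(toMetaTag(policy));
```

If violation reports are needed, deliver the policy as an HTTP header; the meta form is for cases where response headers cannot be set.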