CSP Builder

Toggle Content Security Policy directives and export header value.

default-src 'self'script-src 'self'Allow inline scripts (weaker)style-src 'self' 'unsafe-inline'img-src * data:font-src 'self'connect-src 'self'frame-ancestors 'none'base-uri 'self'form-action 'self'upgrade-insecure-requests

Extra directives (one per line; joined with semicolons)

Content-Security-Policy

default-src 'self'; script-src 'self'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src * data:; frame-ancestors 'none'

陕ICP备2026008243号-2 (China ICP filing)