Build a Content-Security-Policy HTTP header by toggling directives and adding allowed sources.
default-src, script-src, style-src, img-src, font-src, connect-src, media-src, object-src, frame-src, frame-ancestors, base-uri, form-action, worker-src, manifest-src, upgrade-insecure-requests, block-all-mixed-content

default-src 'self'; script-src 'self'; style-src 'self'; img-src 'self' data:; object-src 'none'; base-uri 'self';

How to use
Set this as an HTTP response header from your server or CDN edge. Violations will be blocked by the browser. Test first with Content-Security-Policy-Report-Only.
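
One way to do this in server code, as an added example that is not part of the original tool: a serializer for the directive map that emits the policy shown above and selects the Report-Only header (violations are reported but not blocked) or the enforcing one. The names `buildCsp`, `applyCsp` and `POLICY` are assumptions, and `res` is any object with a Node-style `setHeader` method.

```javascript
// Added example (not the tool's own code): serialize directives into a CSP value.
// Keyword sources must be single-quoted; a bare self is parsed as a host name.
const KEYWORDS = ['self', 'none', 'unsafe-inline', 'unsafe-eval', 'strict-dynamic'];

function buildCsp(directives) {
  const parts = [];
  for (const [name, sources] of Object.entries(directives)) {
    if (!/^[a-z-]+$/.test(name)) throw new Error(`bad directive name: ${name}`);
    for (const src of sources) {
      if (KEYWORDS.includes(src)) {
        throw new Error(`${name}: keyword ${src} must be written '${src}'`);
      }
      // ';' and ',' would start a new directive or policy; reject them in sources.
      if (/[;,\s]/.test(src)) throw new Error(`${name}: illegal character in ${src}`);
    }
    // Valueless directives (e.g. upgrade-insecure-requests) take an empty list.
    parts.push([name, ...sources].join(' '));
  }
  return parts.join('; ');
}

// Defaults to Report-Only so a new policy is observed before it is enforced.
function applyCsp(res, directives, { reportOnly = true } = {}) {
  const header = reportOnly
    ? 'Content-Security-Policy-Report-Only'
    : 'Content-Security-Policy';
  res.setHeader(header, buildCsp(directives));
  return header;
}

// The policy generated on this page, expressed as a directive map.
const POLICY = {
  'default-src': ["'self'"],
  'script-src': ["'self'"],
  'style-src': ["'self'"],
  'img-src': ["'self'", 'data:'],
  'object-src': ["'none'"],
  'base-uri': ["'self'"],
};

// Constructed stand-in for a Node http.ServerResponse so the block runs offline.
const fakeRes = { headers: {}, setHeader(k, v) { this.headers[k] = v; } };
console.log(applyCsp(fakeRes, POLICY), '=>', fakeRes.headers);
```

Switch to `{ reportOnly: false }` once the Report-Only phase shows no violations from legitimate page resources.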