Content-Security-Policy Header Generator

Build a Content-Security-Policy header directive by directive, with source chips and copy-ready meta, nginx, and Apache snippets. Everything runs in your browser.

The CSP Generator runs entirely in your browser. The directives, hosts, and schemes you enter to build your Content-Security-Policy never leave your device and are not uploaded to ArrayKit.

About the CSP Generator

The CSP Generator builds a Content-Security-Policy header one directive at a time. Fill in default-src, script-src, style-src, img-src, connect-src, font-src, frame-src, and more by clicking source chips such as 'self', 'none', 'unsafe-inline', data:, and https:, or by typing custom hosts such as cdn.example.com. Keyword sources are single-quoted for you while hosts and schemes stay bare, so the policy is always valid. Empty directives are dropped automatically and everything is emitted in canonical order. Flip the report-only toggle to test a policy in monitor mode before enforcing it, then copy the raw header, an HTML meta tag, or ready-to-paste nginx and Apache snippets. Built for developers hardening a site against XSS and clickjacking, right in the browser: the policy you build never leaves your device.

How to use the CSP Generator

  1. Click source chips or type a host to add sources to each directive
  2. Leave the directives you do not want empty; they are dropped from the output
  3. Turn on the Report-Only toggle if you want to monitor violations before enforcing
  4. Copy the Content-Security-Policy header value or the meta, nginx, or Apache snippet

Example

Input

default-src: 'self'
script-src: 'self' https:
img-src: 'self' data:
object-src: 'none'

Output

Content-Security-Policy: default-src 'self'; script-src 'self' https:; img-src 'self' data:; object-src 'none'

Keywords such as 'self' are quoted; schemes such as https: and data: stay bare.

Frequently asked questions

What does this CSP generator produce?
It builds a complete Content-Security-Policy header value from the directives and sources you choose, then gives you the raw header, an HTML meta tag, and nginx and Apache add_header snippets that you can paste into your config.
Which CSP sources get single quotes and which do not?
Keyword sources such as 'self', 'none', 'unsafe-inline', 'unsafe-eval', and 'strict-dynamic', plus nonces and hashes, are single-quoted. Hosts and schemes such as https:, data:, and cdn.example.com are left bare. The tool quotes them correctly for you.
What is the report-only toggle for?
It switches the header name to Content-Security-Policy-Report-Only, which reports violations without blocking anything. Use it to stage a new policy on a live site and watch the console before enforcing.
Can I deliver the whole policy as a CSP meta tag?
Mostly, yes: the tool emits a <meta http-equiv> tag for the enforcing policy. But frame-ancestors, report-uri, report-to, and sandbox are ignored in a meta tag, so use the HTTP header snippet when your policy depends on them.
Why does the header omit directives I did not fill in?
Directives with no sources are dropped so the output stays clean and valid. default-src acts as the fallback for any fetch directive you leave empty, so you only need to override the ones that differ.
Does building a CSP header send my hosts anywhere?
No. The CSP Generator runs entirely in your browser. The directives and hosts you enter stay on your device and are never uploaded to ArrayKit.
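
The rules described in the answers above (quoting, dropped empty directives, report-only, the meta-tag exclusions), sketched in JavaScript as an added example. This is not ArrayKit's code: the function names, the directive order, and the rejection of whitespace, `;`, `,` and `"` inside a source are assumptions of the sketch.

```javascript
// Added example, not ArrayKit's code; all names here are hypothetical.
const KEYWORDS = new Set(['self', 'none', 'unsafe-inline', 'unsafe-eval', 'strict-dynamic']);
// Assumed emit order (the page does not list the tool's canonical order).
const ORDER = ['default-src', 'script-src', 'style-src', 'img-src', 'connect-src', 'font-src',
  'frame-src', 'object-src', 'frame-ancestors', 'sandbox', 'report-uri', 'report-to'];
// Directives the page says are ignored when the policy is delivered in a <meta> tag.
const META_IGNORED = new Set(['frame-ancestors', 'report-uri', 'report-to', 'sandbox']);
const B64 = '[A-Za-z0-9+/_-]+={0,2}';
const QUOTED = new RegExp(`^(nonce-${B64}|sha(256|384|512)-${B64})$`);

function normalizeSource(raw) {
  const s = raw.trim().replace(/^'+|'+$/g, '');
  // Whitespace, ';', ',' or '"' would let one value start a new directive or break a snippet.
  if (s === '' || /[\s;,"]/.test(s)) throw new Error(`invalid source: ${JSON.stringify(raw)}`);
  if (KEYWORDS.has(s.toLowerCase())) return `'${s.toLowerCase()}'`; // keyword: quoted
  if (QUOTED.test(s)) return `'${s}'`; // nonce or hash: quoted
  return s; // host or scheme: bare
}

function buildPolicy(directives, { forMeta = false } = {}) {
  const unknown = Object.keys(directives).filter((name) => !ORDER.includes(name));
  if (unknown.length) throw new Error(`unknown directive: ${unknown.join(', ')}`);
  return ORDER
    .filter((name) => !(forMeta && META_IGNORED.has(name)))
    .map((name) => [name, [...new Set((directives[name] || []).map(normalizeSource))]])
    .filter(([, sources]) => sources.length > 0) // empty directives are dropped
    .map(([name, sources]) => `${name} ${sources.join(' ')}`)
    .join('; ');
}

function render(directives, reportOnly = false) {
  const name = reportOnly ? 'Content-Security-Policy-Report-Only' : 'Content-Security-Policy';
  const value = buildPolicy(directives);
  return {
    header: `${name}: ${value}`,
    // Report-Only is not supported in <meta>, so the tag always carries the enforcing policy.
    meta: `<meta http-equiv="Content-Security-Policy" content="${buildPolicy(directives, { forMeta: true })}">`,
    nginx: `add_header ${name} "${value}" always;`,
    apache: `Header always set ${name} "${value}"`,
  };
}

// Constructed input: the directives from the page's own example.
const sample = { 'default-src': ['self'], 'script-src': ['self', 'https:'],
  'img-src': ["'self'", 'data:'], 'object-src': ['none'] };
console.log(render(sample).header);
```

Rejecting separator characters in `normalizeSource` matters when a host value comes from user input: without it, a single pasted "host" could append its own directive to the policy.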
