1001Ferramentas

Content-Security-Policy Builder

Build a Content-Security-Policy header by adding directives (default-src, script-src, img-src, frame-ancestors) with predefined sources.

Select sources for each directive. Add custom hosts separated by spaces or new lines.


  


Build a Content-Security-Policy header

Few defences stop a script-injection (XSS) attack as well as a Content-Security-Policy (CSP). The catch is the syntax: there are so many directives and sources that it looks intimidating at first glance. The builder handles the tedious part for you, adding each directive in a guided way, so there is no CSP grammar to memorise.

You compose the rules for directives such as default-src, script-src, img-src and frame-ancestors from common, predefined sources. The tool merges it all into a valid header. With that you can limit where the browser loads resources from, and the site's attack surface shrinks considerably.
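The merge step described above can be sketched as follows. This is an added example, not the tool's own code: `buildCsp`, `normalizeSource` and the constant names are hypothetical, the directive list is limited to the four named on this page, and the sample input is constructed.

```javascript
// Added example; names below are hypothetical, not the tool's own code.
const DIRECTIVES = new Set(['default-src', 'script-src', 'img-src', 'frame-ancestors']);
const KEYWORDS = new Set(['self', 'none', 'unsafe-inline', 'unsafe-eval', 'strict-dynamic']);
const NONCE_OR_HASH = /^(nonce|sha256|sha384|sha512)-[A-Za-z0-9+\/_=-]+$/;

function normalizeSource(raw) {
  const bare = raw.replace(/^'|'$/g, '');
  // Keywords, nonces and hashes must be single-quoted; an unquoted "self"
  // would be parsed by the browser as a host named "self".
  if (KEYWORDS.has(bare) || NONCE_OR_HASH.test(bare)) return `'${bare}'`;
  // ';' ends a directive and ',' ends a policy, so neither may appear in a source.
  if (bare === '' || /[;,'"\s]/.test(raw)) throw new Error(`invalid source: ${raw}`);
  return raw; // host or scheme source such as https://cdn.example.com or data:
}

function buildCsp(policy) {
  const parts = [];
  for (const [name, input] of Object.entries(policy)) {
    if (!DIRECTIVES.has(name)) throw new Error(`unknown directive: ${name}`);
    // Accept an array, or a string of sources separated by spaces or new lines.
    const tokens = (Array.isArray(input) ? input : String(input).split(/\s+/)).filter(Boolean);
    const sources = [...new Set(tokens.map((t) => normalizeSource(t)))]; // de-duplicate, keep order
    if (sources.length === 0) continue; // no sources selected: omit the directive
    if (sources.includes("'none'") && sources.length > 1) {
      throw new Error(`'none' must be the only source in ${name}`);
    }
    // frame-ancestors accepts hosts, schemes, 'self' and 'none' only.
    const quoted = sources.filter((s) => s.startsWith("'"));
    if (name === 'frame-ancestors' && quoted.some((s) => s !== "'self'" && s !== "'none'")) {
      throw new Error(`unsupported keyword in frame-ancestors: ${quoted.join(' ')}`);
    }
    parts.push(`${name} ${sources.join(' ')}`);
  }
  return parts.join('; ');
}

// Constructed sample input, mixing quoted, unquoted and duplicated sources.
const sample = {
  'default-src': 'self',
  'script-src': "'self' https://cdn.example.com\nhttps://cdn.example.com",
  'img-src': ['self', 'data:'],
  'frame-ancestors': 'none',
};
console.log('Content-Security-Policy: ' + buildCsp(sample));
```

The returned string is the header value; the server sends it under the `Content-Security-Policy` response header name.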

The whole build happens in your own browser, in real time, with nothing leaving it. Handy for developers who want to harden their pages without getting tangled in CSP syntax.