Content Security Policy Builder
default-src
Serves as a fallback for non-specified directives
'none'
'self'
https:
http:
data:
mediastream:
blob:
filesystem:
'unsafe-eval'
'unsafe-hashes'
'unsafe-inline'
default-src
script-src
style-src
img-src
font-src
child-src
frame-src
media-src
object-src
connect-src
manifest-src
worker-src
base-uri
form-action
frame-ancestors
report-uri
report-to
Unless you use <embed> or <object> elements, consider adding object-src 'none'.
Consider adding form-action 'self' to allow forms to be submitted only to your own domain. Note that this directive does not fall back to default-src.
Consider adding base-uri 'none' (or 'self') to restrict the document base URL to the same domain as the document itself.
Consider adding report-uri to receive reports about policy violations. Try out CSP Hero to get started.
default-src 'self';
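The four suggestions above can be checked against any policy string. The following is an added example, not code from the builder itself; the function names, the sample policies and the report endpoint are constructed, and accepting report-to in place of report-uri is an assumption.

```javascript
// Added example: lint a CSP string for the builder's four suggestions.
// Parse "name src src; name src" into a Map of directive -> source list.
function parseCsp(policy) {
  const directives = new Map();
  for (const part of policy.split(';')) {
    const tokens = part.trim().split(/\s+/).filter(Boolean);
    if (tokens.length === 0) continue;
    const name = tokens[0].toLowerCase();
    // A repeated directive is ignored by browsers: the first one wins.
    if (!directives.has(name)) directives.set(name, tokens.slice(1));
  }
  return directives;
}

// An empty source list matches nothing, the same as 'none'.
function isNone(sources) {
  return sources.length === 0 ||
    (sources.length === 1 && sources[0].toLowerCase() === "'none'");
}

function lintCsp(policy) {
  const d = parseCsp(policy);
  const findings = [];
  // object-src is a fetch directive, so it inherits from default-src.
  const objectSrc = d.has('object-src') ? d.get('object-src') : d.get('default-src');
  if (!objectSrc || !isNone(objectSrc)) {
    findings.push("object-src is not 'none'");
  }
  // form-action and base-uri never inherit from default-src.
  if (!d.has('form-action')) findings.push('form-action missing (no default-src fallback)');
  if (!d.has('base-uri')) findings.push('base-uri missing (no default-src fallback)');
  if (!d.has('report-uri') && !d.has('report-to')) {
    findings.push('no reporting directive');
  }
  return findings;
}

// Constructed samples: the builder's starting policy and a hardened one.
const STARTING = "default-src 'self';";
const HARDENED = "default-src 'self'; object-src 'none'; form-action 'self'; " +
  "base-uri 'none'; report-uri https://csp.example.test/report";

console.log(lintCsp(STARTING)); // all four findings
console.log(lintCsp(HARDENED)); // no findings
```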