Content Security Policy Builder

default-src
Serves as a fallback for non-specified directives
Unless you use <embed> or <object> elements, consider adding object-src 'none'.
Consider adding report-uri to receive reports about policy violations. Try out CSP Hero to get started.
Consider adding form-action 'self' to allow forms to be submitted only to your own domain. Note that this directive does not fall back to default-src.
Consider adding base-uri 'none' (or 'self') to restrict the document base URL to the same domain as the document itself.
default-src 'self' ;
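
The four recommendations above can be checked mechanically against any policy string. The following is an added example, not code from this builder; the function names parseCsp, matchesNothing and auditCsp and the /csp-report endpoint are assumptions made for illustration.

```javascript
// Added example: parse a CSP value and flag the gaps listed above.
// parseCsp / matchesNothing / auditCsp are hypothetical names.
function parseCsp(policy) {
  const directives = new Map();
  for (const part of policy.split(';')) {
    const tokens = part.trim().split(/\s+/).filter(Boolean);
    if (tokens.length === 0) continue; // trailing ';' or empty segment
    const name = tokens[0].toLowerCase(); // directive names are case-insensitive
    // A repeated directive is ignored by browsers: the first occurrence wins.
    if (!directives.has(name)) directives.set(name, tokens.slice(1));
  }
  return directives;
}

// An empty source list and a lone 'none' both match nothing.
function matchesNothing(sources) {
  return sources.length === 0 ||
    (sources.length === 1 && sources[0].toLowerCase() === "'none'");
}

// Returns the names of the directives the recommendations would flag.
function auditCsp(policy) {
  const d = parseCsp(policy);
  const flagged = [];
  // object-src falls back to default-src, so check the effective value.
  const objectSrc = d.get('object-src') ?? d.get('default-src');
  if (!objectSrc || !matchesNothing(objectSrc)) flagged.push('object-src');
  // Reporting directives have no fallback; report-to is the newer form.
  if (!d.has('report-uri') && !d.has('report-to')) flagged.push('report-uri');
  // form-action and base-uri never fall back to default-src.
  if (!d.has('form-action')) flagged.push('form-action');
  if (!d.has('base-uri')) flagged.push('base-uri');
  return flagged;
}

// Constructed sample policies: the builder's output above and a hardened one.
// The /csp-report endpoint is a placeholder.
const generated = "default-src 'self' ;";
const hardened = "default-src 'self'; object-src 'none'; form-action 'self'; " +
  "base-uri 'none'; report-uri /csp-report";
console.log(auditCsp(generated));
console.log(auditCsp(hardened));
```

A policy of default-src 'none' is flagged only for the three directives without a fallback, because object-src inherits 'none' from it.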