Start strict (default-src 'none') and add sources incrementally — it's easier to loosen than to tighten?

Start strict (default-src 'none') and add sources incrementally — it's easier to loosen than to tighten.

Test your CSP in report-only mode first (Content-Security-Policy-Report-Only) to avoid breaking your site?

Test your CSP in report-only mode first (Content-Security-Policy-Report-Only) to avoid breaking your site.

Use the Nginx snippet export to deploy your CSP directly in your server configuration.

Generate Content Security Policy headers

Build a Content Security Policy header visually by configuring each directive — export as HTTP header, meta tag, or Nginx config snippet.

1Configure each CSP directive (default-src, script-src, style-src, img-src, etc.) by selecting allowed sources.
2Use 'self' to allow resources from your own domain, or add specific external domains.
3Avoid 'unsafe-inline' and 'unsafe-eval' unless absolutely necessary — they weaken your CSP significantly.
4Review the generated CSP header in the output panel.
5Copy the header value, the HTML meta tag, or download an Nginx configuration snippet.

Start strict (default-src 'none') and add sources incrementally — it's easier to loosen than to tighten.
Test your CSP in report-only mode first (Content-Security-Policy-Report-Only) to avoid breaking your site.
Use the Nginx snippet export to deploy your CSP directly in your server configuration.

OneKitTools TeamUpdated 2.21.4