CSP Generator

Generate Content Security Policy headers

About the CSP Generator

Build a Content Security Policy header visually by configuring each directive, then export it as an HTTP header, meta tag, or Nginx config snippet.

How to use the CSP Generator

  1. Configure each CSP directive (default-src, script-src, style-src, img-src, etc.) by selecting allowed sources.
  2. Use 'self' to allow resources from your own domain, or add specific external domains.
  3. Avoid 'unsafe-inline' and 'unsafe-eval' unless absolutely necessary; they weaken your CSP significantly.
  4. Review the generated CSP header in the output panel.
  5. Copy the header value or the HTML meta tag, or download an Nginx configuration snippet.

Tips

  • Start strict (default-src 'none') and add sources incrementally; it's easier to loosen than to tighten.
  • Test your CSP in report-only mode first (Content-Security-Policy-Report-Only) to avoid breaking your site.
  • Use the Nginx snippet export to deploy your CSP directly in your server configuration.


OneKitTools team, updated 2.21.4