About the CSP Generator
Build a Content Security Policy header visually by configuring each directive, then export it as an HTTP header, meta tag, or Nginx config snippet.
How to use the CSP Generator
- 1. Configure each CSP directive (default-src, script-src, style-src, img-src, etc.) by selecting allowed sources.
- 2. Use 'self' to allow resources from your own domain, or add specific external domains.
- 3. Avoid 'unsafe-inline' and 'unsafe-eval' unless absolutely necessary: they weaken your CSP significantly.
- 4. Review the generated CSP header in the output panel.
- 5. Copy the header value or the HTML meta tag, or download an Nginx configuration snippet.
Tips
- Start strict (default-src 'none') and add sources incrementally: it's easier to loosen than to tighten.
- Test your CSP in report-only mode first (Content-Security-Policy-Report-Only) to avoid breaking your site.
- Use the Nginx snippet export to deploy your CSP directly in your server configuration.
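The steps and tips above, as an added JavaScript example (not the tool's own code): it builds a policy from a directive map, flags 'unsafe-inline' and 'unsafe-eval', and produces the three export formats, including the cases where a meta tag cannot carry what the header does. The function names, the sample policy and `cdn.example.com` are constructed for illustration.

```javascript
// Added example: function names and the sample policy are constructed, not from the tool.
const KEYWORDS = new Set(["self", "none", "unsafe-inline", "unsafe-eval"]);
const META_IGNORED = new Set(["frame-ancestors", "report-uri", "sandbox"]);

// Quote CSP keywords ('self'); leave hosts and schemes (cdn.example.com, data:) bare.
function formatSource(src) {
  const bare = src.replace(/^'|'$/g, "");
  return KEYWORDS.has(bare) ? `'${bare}'` : src;
}

function buildPolicy(directives, { forMeta = false } = {}) {
  const parts = [];
  for (const [name, sources] of Object.entries(directives)) {
    if (forMeta && META_IGNORED.has(name)) continue; // browsers ignore these in <meta>
    // ';' and ',' would start a new directive or policy; '"' would break the exports.
    if (sources.some((s) => /[;,\r\n"]/.test(s))) {
      throw new Error(`invalid character in a source for ${name}`);
    }
    const list = sources.map(formatSource);
    if (list.includes("'none'") && list.length > 1) {
      throw new Error(`${name}: 'none' must be the only source`);
    }
    parts.push([name, ...list].join(" "));
  }
  return parts.join("; ");
}

// List every use of the two sources that weaken a policy.
function findWeakSources(directives) {
  return Object.entries(directives).flatMap(([name, sources]) =>
    sources.map(formatSource)
      .filter((s) => s === "'unsafe-inline'" || s === "'unsafe-eval'")
      .map((s) => `${name} ${s}`));
}

function exportAll(directives, { reportOnly = false } = {}) {
  const headerName = reportOnly ? "Content-Security-Policy-Report-Only" : "Content-Security-Policy";
  const policy = buildPolicy(directives);
  const metaPolicy = buildPolicy(directives, { forMeta: true });
  return {
    header: `${headerName}: ${policy}`,
    // Report-only mode cannot be delivered through <meta>, so no tag is produced for it.
    meta: reportOnly ? null : `<meta http-equiv="Content-Security-Policy" content="${metaPolicy}">`,
    nginx: `add_header ${headerName} "${policy}" always;`,
  };
}

const sample = { // constructed sample: strict default, then sources added per directive
  "default-src": ["none"], "script-src": ["self", "https://cdn.example.com"],
  "style-src": ["self", "unsafe-inline"], "img-src": ["self", "data:"], "frame-ancestors": ["none"],
};
```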
Updated by the OneKitTools team, 2.21.4