CSP Playground

Content Security Policy is a header that allows you, the developer or security engineer, to define where web applications can load content from.
By defining a strict policy, you can completely* mitigate attacks such as cross-site scripting.


If you already love CSP, this site can help you get up and running with it quickly.
How To Use This Site


Now that you understand how to use the site, try the examples.
CSP Violations and CSP Compliance


Ready to test out your own policy?
CSP Validator


References, tools, and case studies.
CSP Resources