CSP Playground

Content Security Policy is a header that allows you, the developer or security engineer, to define where web applications can load content from.
By defining a strict policy, you can completely* mitigate attacks such as cross-site scripting.

If you already love CSP, this site can help you get up and running with it quickly.
How To Use This Site

Now that you understand how to use the site, try the examples.
CSP Violations and CSP Compliance

Ready to test out your own policy?
CSP Validator

References, tools, and case studies.

Start typing and press Enter to search

Shopping Cart