free security tools
← Back to tools

Policy Generator

Build security policy headers interactively. Generate CSP, CORS, HSTS, and other headers ready for deployment on Apache, Nginx, or your application server.

🔒 Content-Security-Policy CSP

🌐 CORS Cross-Origin

🛡️ Other Security Headers

# Configure the options above to generate security headers

What is Policy Generator?

Generate CSP, CORS, and HSTS security policies for Apache, Nginx, and Express. Copy-paste ready configuration files.

FAQ

What policy should I start with?
Start with a report-only CSP to see what would be blocked without breaking your site. Then move to enforcing mode.
What is strict-dynamic?
strict-dynamic allows scripts loaded by trusted scripts to also execute. It's the modern way to handle inline scripts in CSP.

Related Tools