{"$schema":"https://toolsly.tools/schemas/tool-manifest-v1.json","generated":"2026-06-02T15:45:22.098Z","discovery":{"catalog":"https://myaitools.net/tools.json","llmsTxt":"https://myaitools.net/llms.txt","sitemap":"https://myaitools.net/sitemap.xml"},"relatedTools":[{"slug":"mime-type-lookup","name":"MIME Type Lookup","url":"https://myaitools.net/mime-type-lookup"},{"slug":"meta-tag-generator","name":"Meta Tag Generator","url":"https://myaitools.net/meta-tag-generator"},{"slug":"cron-generator","name":"Cron Expression Generator","url":"https://myaitools.net/cron-generator"},{"slug":"placeholder-image-url","name":"Placeholder Image URL Generator","url":"https://myaitools.net/placeholder-image-url"},{"slug":"url-parser","name":"URL Parser","url":"https://myaitools.net/url-parser"},{"slug":"user-agent-parser","name":"User-Agent Parser","url":"https://myaitools.net/user-agent-parser"},{"slug":"http-status-code","name":"HTTP Status Code Lookup","url":"https://myaitools.net/http-status-code"},{"slug":"js-minifier","name":"JavaScript Minifier","url":"https://myaitools.net/js-minifier"}],"kind":"utility","slug":"csp-header-builder","name":"CSP Header Builder","description":"Build a Content-Security-Policy header interactively — select policies for each directive and get the full header string.","longDescription":"Configure the most common Content-Security-Policy (CSP) directives through simple dropdowns: default-src, script-src, style-src, img-src, font-src, connect-src, and frame-src. Each directive can be set to 'none' (block all), 'self' (same-origin only), 'self' + 'unsafe-inline', 'self' + 'unsafe-inline' + 'unsafe-eval', or '*' (allow any). The tool generates both the HTTP header value and the HTML <meta> tag version. Useful for web developers hardening their sites against XSS, clickjacking, and data injection attacks. CSP is a critical layer of defense recommended by OWASP and required for many compliance frameworks. Generated entirely in your browser.","category":"dev","categoryName":"Dev","keywords":["csp header builder","content security policy generator","csp generator","csp builder online","content security policy builder","csp header generator","security headers generator","csp meta tag generator","web security headers","xss prevention header","csp policy builder","csp directive builder","content security policy tool"],"badge":"Builder","url":"https://myaitools.net/csp-header-builder","inputs":[{"type":"select","key":"default-src","label":"default-src","defaultValue":"self","choices":[{"value":"none","label":"'none' — block all"},{"value":"self","label":"'self' — same origin only"},{"value":"self-inline","label":"'self' + 'unsafe-inline'"},{"value":"self-inline-eval","label":"'self' + 'unsafe-inline' + 'unsafe-eval'"},{"value":"*","label":"* — allow any source"}],"help":"Fallback for any directive not explicitly set."},{"type":"select","key":"script-src","label":"script-src","defaultValue":"self","choices":[{"value":"none","label":"'none' — block all"},{"value":"self","label":"'self' — same origin only"},{"value":"self-inline","label":"'self' + 'unsafe-inline'"},{"value":"self-inline-eval","label":"'self' + 'unsafe-inline' + 'unsafe-eval'"},{"value":"*","label":"* — allow any source"}],"help":"Controls which scripts can execute."},{"type":"select","key":"style-src","label":"style-src","defaultValue":"self-inline","choices":[{"value":"none","label":"'none' — block all"},{"value":"self","label":"'self' — same origin only"},{"value":"self-inline","label":"'self' + 'unsafe-inline'"},{"value":"self-inline-eval","label":"'self' + 'unsafe-inline' + 'unsafe-eval'"},{"value":"*","label":"* — allow any source"}],"help":"Controls which stylesheets can be applied."},{"type":"select","key":"img-src","label":"img-src","defaultValue":"self","choices":[{"value":"none","label":"'none' — block all"},{"value":"self","label":"'self' — same origin only"},{"value":"self-inline","label":"'self' + 'unsafe-inline'"},{"value":"self-inline-eval","label":"'self' + 'unsafe-inline' + 'unsafe-eval'"},{"value":"*","label":"* — allow any source"}],"help":"Controls where images can be loaded from."},{"type":"select","key":"font-src","label":"font-src","defaultValue":"self","choices":[{"value":"none","label":"'none' — block all"},{"value":"self","label":"'self' — same origin only"},{"value":"self-inline","label":"'self' + 'unsafe-inline'"},{"value":"self-inline-eval","label":"'self' + 'unsafe-inline' + 'unsafe-eval'"},{"value":"*","label":"* — allow any source"}],"help":"Controls where fonts can be loaded from."},{"type":"select","key":"connect-src","label":"connect-src","defaultValue":"self","choices":[{"value":"none","label":"'none' — block all"},{"value":"self","label":"'self' — same origin only"},{"value":"self-inline","label":"'self' + 'unsafe-inline'"},{"value":"self-inline-eval","label":"'self' + 'unsafe-inline' + 'unsafe-eval'"},{"value":"*","label":"* — allow any source"}],"help":"Controls which URLs can be loaded via fetch, XHR, WebSocket, etc."},{"type":"select","key":"frame-src","label":"frame-src","defaultValue":"none","choices":[{"value":"none","label":"'none' — block all"},{"value":"self","label":"'self' — same origin only"},{"value":"self-inline","label":"'self' + 'unsafe-inline'"},{"value":"self-inline-eval","label":"'self' + 'unsafe-inline' + 'unsafe-eval'"},{"value":"*","label":"* — allow any source"}],"help":"Controls which URLs can be embedded in frames."}],"outputs":[{"key":"header","label":"CSP Header","multiline":true,"monospace":true},{"key":"meta","label":"HTML <meta> tag","multiline":true,"monospace":true},{"key":"breakdown","label":"Directive breakdown","multiline":true}],"invocation":{"webUi":"https://myaitools.net/csp-header-builder","api":null,"notes":"Currently invoked via the web UI at `webUi`. Inputs are form fields; outputs are structured text values. A remote MCP/REST API is planned."}}