Конструктор CSP-политик
Простое создание Content Security Policy
Пресеты
Импорт
Директивы
default-srcDefault fallback for other directives
'self'
script-srcRestricts JavaScript sources
'self''unsafe-inline'
style-srcRestricts CSS sources
'self''unsafe-inline'
img-srcRestricts image sources
'self'https:data:
font-srcRestricts font sources
'self'https:
connect-srcRestricts fetch/XHR/WebSocket connections
'self'https:
frame-ancestorsRestricts parents that can embed this page
'self'
object-srcRestricts plugins (Flash, etc.)
'none'