CSP generator
Generate a Content Security Policy from real browser evidence.
Consepo's CSP generator starts with a rendered scan of your live site, then turns discovered resources into a deployable policy your team can review, test in Report-Only, and maintain over time.
Generation workflow
Generated CSP should come from what the browser proves, not what source files suggest.
Modern sites load code from bundlers, CDNs, plugins, tag managers, and runtime scripts. A useful CSP generator has to observe the live page, not just inspect static markup.
- 1
Crawl the live site
Consepo renders pages in a browser so scripts, styles, frames, fonts, images, and connections are captured after the page actually executes.
- 2
Map resources to directives
Observed origins are grouped into the CSP directives they affect, giving your team a reviewable starting point instead of a hand-built allowlist.
- 3
Export for your stack
Generate deployment-ready policy output for headers, WordPress, WP Engine, Cloudflare Workers, reverse proxies, or JSON-based workflows.
What you get
A policy your team can deploy, validate, and revise.
Directive guidance
Review source recommendations for script-src, style-src, connect-src, frame-src, img-src, font-src, and reporting.
Deployment formats
Export the policy in the format your hosting layer expects instead of rewriting the same CSP by hand.
Report-Only rollout
Ship safely by validating the generated policy against real traffic before moving to enforcement.
Related CSP resources
Keep building the policy picture.
- Open resource
Validate your current CSP
Start with a live-page CSP evaluation before generating the next policy version.
- Open resource
CSP policy generator feature
See how generated policies are reviewed, exported, and shipped from the product.
- Open resource
CSP directive reference
Understand the directives that a generated policy has to control.
- Open resource
Report-Only vs enforcement
Use Report-Only to test generated policies before blocking resources.