CSP Hash Generator

Generate cryptographic hashes for inline scripts and styles to eliminate 'unsafe-inline' from your CSP.

Frequently Asked Questions

What is Content Security Policy (CSP)?
CSP is a security layer that helps detect and mitigate certain types of attacks, including Cross-Site Scripting (XSS) and data injection attacks. Using hashes allows you to whitelist specific inline scripts without allowing all inline scripts.
How do I use these hashes?

Add the hash string to your policy header:

script-src 'sha256-...'
Which algorithm should I choose?
SHA-384 is widely used and provides a good balance of security and performance. SHA-512 is stronger and also recommended. SHA-256 is the minimum requirement but considered less secure for long-term standards.
Is my data secure?
Yes. All calculations happen entirely within your browser using the crypto.subtle API. Your code is never sent to any server.