CSP Hash Calculator
Generate SHA-256 hashes for inline scripts. Copy the hash directly into your Content Security Policy.
How it works: The browser calculates the hash of your inline script content (excluding the <script> tags) and compares it against the hash in your CSP header. If they match, the script executes. Any change to the script—even whitespace—invalidates the hash. SHA-256 is recommended for broad compatibility.
About This Tool
When you need to allow specific inline scripts in your CSP without using 'unsafe-inline', you can use hashes. This tool calculates the SHA-256 hash of your script content in the format CSP expects.
How to Use
- Paste your inline script content (excluding <script> tags)
- Copy the generated hash or full CSP directive
- Add the hash to your script-src directive
Important Notes
- Any change to the script (even whitespace) will change the hash
- For dynamic scripts, consider using nonces instead
- See the complete CSP guide for best practices
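The same calculation can be done at build time. The following Node.js script is an added example, not this tool's own code: it extracts the inline scripts from a page, hashes each exact body, and assembles a script-src directive. The function names, the sample HTML and the 'self' baseline are assumptions made for illustration.

```javascript
// Added example: hash inline <script> bodies the way a CSP-enforcing browser does.
const { createHash } = require('node:crypto');

// A CSP hash source is '<algo>-<base64 digest of the UTF-8 script text>'.
function cspHash(scriptText, algo = 'sha256') {
  if (!['sha256', 'sha384', 'sha512'].includes(algo)) {
    throw new Error(`CSP does not accept ${algo}`);
  }
  const digest = createHash(algo).update(scriptText, 'utf8').digest('base64');
  return `'${algo}-${digest}'`;
}

// Return the exact text between <script> and </script> for inline scripts.
// Scripts with a src attribute are skipped: hashes here cover inline content.
// Simplified regex extraction, adequate for templates you control,
// not a general HTML parser.
function inlineScripts(html) {
  const found = [];
  const re = /<script\b([^>]*)>([\s\S]*?)<\/script\s*>/gi;
  for (const [, attrs, body] of html.matchAll(re)) {
    if (!/(?:^|\s)src\s*=/i.test(attrs)) found.push(body);
  }
  return found;
}

// Build a script-src directive: 'self' (assumed baseline) plus one hash
// per distinct inline script body.
function scriptSrcFor(html, algo = 'sha256') {
  const hashes = new Set(inlineScripts(html).map((s) => cspHash(s, algo)));
  return ['script-src', "'self'", ...hashes].join(' ');
}

// Constructed sample page: two inline scripts that differ only in whitespace,
// plus one external script.
const SAMPLE_HTML = `<!doctype html>
<script>document.title = "ok";</script>
<script>
document.title = "ok";
</script>
<script src="/app.js"></script>`;

console.log(`Content-Security-Policy: ${scriptSrcFor(SAMPLE_HTML)}`);
```

The two inline scripts in the sample produce two different hashes because the second body includes the newlines inside the tags, so both must be listed for both to run.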