CSP Nonce Generator
Generate a CSP nonce locally and copy both the policy token and the HTML attribute
Safety note: These policy helpers only hash or generate values from content you paste here. They do not fetch remote assets or tell you whether a whole CSP policy is otherwise complete.
Generate a CSP nonce
Generate a fresh nonce for each response or page render in real applications.
16 bytes is a practical default for CSP nonces.
What It Generates
A CSP nonce is a random per-response token that you add both to the policy and to trusted inline tags. This page generates the value and the common snippets around it.
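Added example (not part of the original page or tool): a server-side sketch of the per-response pattern described above, assuming a Node.js runtime. The function names generateNonce, renderPage and noncesConsistent are hypothetical, and the inline script is assumed to be trusted server-side content.

```javascript
// Added example: per-response CSP nonce handling (all names are hypothetical).
// Use the Web Crypto CSPRNG; fall back to Node's module on older runtimes.
const webcrypto = globalThis.crypto ?? require('node:crypto').webcrypto;

// Return `byteLength` random bytes, base64-encoded (16 bytes -> 24 characters).
function generateNonce(byteLength = 16) {
  const bytes = new Uint8Array(byteLength);
  webcrypto.getRandomValues(bytes);
  return Buffer.from(bytes).toString('base64');
}

// Build one response: a new nonce goes into both the header and the tag.
// `inlineScript` is assumed to be trusted, server-authored content.
function renderPage(inlineScript) {
  const nonce = generateNonce();
  return {
    headers: { 'Content-Security-Policy': `script-src 'nonce-${nonce}'` },
    body: `<!doctype html><script nonce="${nonce}">${inlineScript}</script>`,
  };
}

// Deployment check: every nonce attribute in the body must equal,
// byte for byte, a 'nonce-...' token present in the policy header.
function noncesConsistent(response) {
  const policy = response.headers['Content-Security-Policy'];
  const allowed = new Set(
    [...policy.matchAll(/'nonce-([^']*)'/g)].map((m) => m[1])
  );
  const used = [...response.body.matchAll(/\snonce="([^"]*)"/g)]
    .map((m) => m[1]);
  return used.length > 0 && used.every((value) => allowed.has(value));
}

// Constructed sample run: two renders of the same page.
const first = renderPage('console.log("hello")');
const second = renderPage('console.log("hello")');
console.log(first.headers['Content-Security-Policy']);
console.log('fresh response consistent:', noncesConsistent(first));
// A cached body served with a newer header no longer matches.
console.log('stale body consistent:',
  noncesConsistent({ headers: second.headers, body: first.body }));
```

The stale-body case is the one to watch for when HTML is cached separately from its headers.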
Generate the Right Token
- Choose the nonce length and click Generate nonce.
- Copy the CSP token into the header and the attribute snippet into the allowed inline tag.
- Copy the generated value exactly. Even trailing whitespace differences change the result.
Why Exact Bytes Matter
CSP hashes, nonces, and SRI tokens are byte-exact. If the inline script changes by one character, or the copied asset body is not the exact deployed content, the browser will block the script or fail the integrity check.