Whitespace and newlines matter?

Yes — the browser hashes the literal bytes of the element. A trailing newline or a different indentation will invalidate the hash. Paste exactly what's between the tags.

Should I always use sha512?

No. sha256 is the de-facto baseline; sha384/sha512 are only required if your policy or auditor specifies them. Longer digests don't add real security here — the threat model assumes the inline content is what you authored.

CSP Hash Generator

Network

Paste the exact contents of an inline script or style (no <script> tags, no leading/trailing whitespace differences) and the tool computes the SHA-2 digest over its UTF-8 bytes, base64-encodes it, and emits the 'sha256-…' style token that CSP accepts as a whitelist entry. The browser hashes the same way at parse time, so any byte mismatch — including line endings — will fail to match and the block will not execute. Use this instead of 'unsafe-inline' when you really do need a tiny inline snippet.

—

Inline script or style body

Algorithm

Target directive

Paste something to hash.

The browser hashes the exact bytes of the inline element. Whitespace, indentation, and line endings all count.

How to use

Paste the script body (everything between <script> and </script>) or the style body.
Pick the algorithm (sha256 is enough for almost everyone; 384/512 if your policy mandates them).
Copy the resulting 'sha256-…' token into the right -src directive.

Frequently asked questions

Whitespace and newlines matter?: Yes — the browser hashes the literal bytes of the element. A trailing newline or a different indentation will invalidate the hash. Paste exactly what's between the tags.
Should I always use sha512?: No. sha256 is the de-facto baseline; sha384/sha512 are only required if your policy or auditor specifies them. Longer digests don't add real security here — the threat model assumes the inline content is what you authored.

Related tools

IP Address Inspector

Type an IPv4 or IPv6 address and see its class, scope (private / public / loopback / link-local), decimal value, binary, reverse-DNS notation, and /32 CIDR.

Network00

Port Number Reference

Searchable cheat sheet for ~60 standard TCP / UDP port numbers — from 22 (SSH) and 80 (HTTP) to 6379 (Redis) and 27017 (MongoDB).

Network00

DNS Record Reference

Searchable cheat sheet for DNS record types — A, AAAA, CNAME, MX, TXT, NS, SOA, PTR, SRV, CAA, DNSSEC, SVCB / HTTPS — with examples.

Network00

Subnet Calculator (IPv4 / CIDR)

Parse an IPv4 CIDR into network address, broadcast, netmask, wildcard, host range, and class. Shows binary breakdown and private/public status.

Network00

User Agent Parser

Parse a User-Agent string into browser, engine, OS, device, and CPU. Detects 20+ bots including GPTBot, ClaudeBot, PerplexityBot.

Network00

HTTP Status Code Reference

Searchable list of every HTTP status code (1xx-5xx) with summary, RFC, when to use, and common pitfalls.

Network00