If you are not sure if the website you would like to visit is secure, you can verify it here. Enter the website address of the page and see parts of its content and the thumbnail images on this site. None (if any) dangerous scripts on the referenced page will be executed. Additionally, if the selected site contains subpages, you can verify it (review) in batches containing 5 pages.
favicon.ico: base-ui.com/react/utils/csp-provider - CSP Provider · Base UI.

site address: base-ui.com/react/utils/csp-provider redirected to: base-ui.com/react/utils/csp-provider

site title: CSP Provider · Base UI

Our opinion (on Tuesday 14 July 2026 12:43:29 UTC):

GREEN status (no comments) - no comments
After content analysis of this website we propose the following hashtags:



Meta tags:
description=A CSP provider component that applies a nonce to inline style and script tags rendered by Base UI components, and can disable inline style elements.;
keywords=Base UI CSP Provider,Content Security Policy,CSP nonce,React CSP,Inline script nonce,Inline style nonce;

Headings (most frequently used words):

inline, style, cspprovider, csp, provider, anatomy, supplying, nonce, disable, elements, attributes, api, reference, propshide, statehide,

Text of the page (most frequently used words):
style (32), nonce (21), #inline (21), csp (17), cspprovider (14), components (13), the (12), base (11), src (11), elements (10), and (9), tags (9), your (8), script (7), you (7), attributes (7), disable (7), provider (7), styles (6), type (5), not (5), rendered (5), that (5), for (5), react (4), undefined (4), default (4), instead (4), disablestyleelements (4), component (4), only (4), are (4), this (4), elem (4), scrollbar (4), props (3), name (3), specify (3), any (3), have (3), security (3), example (3), from (3), all (3), supplying (3), select (3), include (3), import (3), app (3), self (3), behavior (3), group (3), anatomy (3), field (3), menu (3), hide (2), reactnode (2), children (2), string (2), description (2), false (2), boolean (2), css (2), via (2), prop (2), api (2), reference (2), unset (2), them (2), can (2), its (2), such (2), ensure (2), new (2), scrollarea (2), viewport (2), render (2), affected (2), client (2), html (2), directive (2), but (2), may (2), attr (2), blocks (2), does (2), when (2), server (2), pre (2), they (2), these (2), none (2), scrollbars (2), attribute (2), function (2), under (2), const (2), header (2), view (2), toggle (2), navigation (2), dialog (2), checkbox (2), cspproviderstate, state, export, cspproviderprops, value, apply, whether, created, should, must, custom, class, names, other, methods, table, manually, note, need, vet, upgrades, added, overflow, present, initial, relax, adding, using, specifically, pose, less, severe, risk, than, approach, acceptable, high, environments, unsafe, addition, few, options, applies, both, want, control, use, covers, cover, governs, encountered, parsing, affect, side, javascript, sets, div, across, opt, don, their, own, flag, required, uses, scripts, disabling, remove, width, webkit, display, avoid, entirely, rely, external, stylesheets, relevant, enabled, which, inject, tag, native, alignitemwithtrigger, list, popup, will, correct, allowing, return, providing, then, join, randomuuid, crypto, pass, same, into, during, rendering, generate, random, per, request, enforce, configure, allows, configuring, globally, within, tree, some, functionality, removing, hydration, strict, content, policy, blocked, unless, matching, wrap, around, source, markdown, configures, related, top, npm, github, userender, mergeprops, direction, utils, tooltip, toolbar, toast, tabs, switch, slider, separator, scroll, area, radio, progress, preview, card, popover, otp, number, meter, menubar, input, form, fieldset, drawer, context, combobox, collapsible, button, avatar, autocomplete, alert, accordion, llms, txt, typescript, forms, customization, composition, animation, styling, handbook, about, community, releases, accessibility, quick, start, overview, search, skip, contents,


Text of the page (random words):
csp provider base ui skip to contents search k navigation overview quick start accessibility releases community about handbook styling animation composition customization forms typescript llms txt components accordion alert dialog autocomplete avatar button checkbox checkbox group collapsible combobox context menu dialog drawer field fieldset form input menu menubar meter navigation menu number field otp field new popover preview card progress radio scroll area select separator slider switch tabs toast toggle toggle group toolbar tooltip utils csp provider direction provider mergeprops userender github npm 1 6 0 csp provider top anatomy supplying a nonce disable inline style elements inline style attributes api reference csp provider configures csp related behavior for inline tags rendered by base ui components view as markdown view source anatomy import the component and wrap it around your app anatomy import cspprovider from base ui react csp provider cspprovider nonce your app or a group of components cspprovider some base ui components render inline style or script tags for functionality such as removing scrollbars or pre hydration behavior under a strict content security policy csp these tags may be blocked unless they include a matching nonce attribute cspprovider allows configuring this behavior globally for all base ui components within its tree supplying a nonce if you enforce a csp that blocks inline tags by default configure your server to generate a random nonce per request include it in your csp header via style src elem script src pass the same nonce into cspprovider during rendering example const nonce crypto randomuuid example csp header const csp default src self script src self nonce nonce style src elem self nonce nonce join then providing the nonce import cspprovider from base ui react csp provider function app nonce return cspprovider nonce nonce cspprovider this will ensure that all inline style and script tags rendered by base ui components include the correct nonce attribute allowing them to function under your csp disable inline style elements you can avoid supplying a nonce if you disable inline style elements entirely and rely on external stylesheets only the relevant components are scrollarea viewport and select popup or select list when alignitemwithtrigger is enabled which inject a style tag to disable native scrollbars style base ui disable scrollbar scrollbar width none base ui disable scrollbar webkit scrollbar display none style specify disablestyleelements to remove these tags disabling style elements cspprovider disablestyleelements cspprovider script tags across all components are opt in so they are not affected by this prop and don t have their own disable flag a nonce is required if any component uses inline scripts inline style attributes cspprovider covers inline style and script tags rendered as elements but it does not cover inline style attributes for example div style the style src attr directive in csp governs inline style attributes encountered when parsing html from server pre rendered components it does not affect client side javascript that sets styles in csp style src applies to both style elements and style attributes if you only want to control style elements use style src elem instead if your csp blocks inline style attributes in addition to elements you have a few options relax your csp by adding unsafe inline to the style src attr directive or using only style src elem instead of style src style attributes specifically pose a less severe security risk than style elements but this approach may not be acceptable in high security environments render the affected components only on the client so that no inline styles are present in the initial html manually unset inline styles and specify them in your css instead any component can have its inline styles unset such as scrollarea viewport style overflow undefined note that you ll need to ensure you vet upgrades for any new inline styles added by base ui components api reference component props table prop type default disablestyleelements boolean false name disablestyleelements description whether inline style elements created by base ui components should not be rendered instead components must specify the css styles via custom class names or other methods type boolean undefined default false nonce string name nonce description the nonce value to apply to inline style and script tags type string undefined children react reactnode name children type react reactnode undefined cspprovider props hide re export of cspprovider props as cspproviderprops cspprovider state hide type cspproviderstate
Thumbnail images (randomly selected): * Images may be subject to copyright.GREEN status (no comments)

    No Images


    Verified site has: 53 subpage(s). Do you want to verify them? Verify pages:

    1-5 6-10 11-15 16-20 21-25 26-30 31-35 36-40 41-45 46-50
    51-53


    The site also has 3 references to external domain(s).

     github.com  Verify  npmjs.com  Verify  developer.mozilla.org  Verify


    The site also has 1 references to other resources (not html/xhtml )

     base-ui.com/llms.txt  Verify


    Top 50 hastags from of all verified websites.

    Supplementary Information (add-on for SEO geeks)*- See more on header.verify-www.com

    Header

    HTTP/1.1 301 Moved Permanently
    Content-Type text/plain; charset=utf-8
    Date Tue, 14 Jul 2026 12:43:29 GMT
    Location htt????/base-ui.com/react/utils/csp-provider
    Server Netlify
    X-Nf-Request-Id 01KXGAEQR8Z0ARSK9EDWAA3QG1
    Content-Length 59
    Connection close
    HTTP/2 200
    accept-ranges bytes
    age 0
    cache-control public,max-age=0,must-revalidate
    cache-status Netlify Edge ; fwd=miss
    content-encoding gzip
    content-security-policy default-src * data: mediastream: blob: filesystem: about: ws: wss: unsafe-eval wasm-unsafe-eval unsafe-inline ; script-src * data: blob: unsafe-inline unsafe-eval ; script-src-elem * data: blob: unsafe-inline ; connect-src * data: blob: unsafe-inline ; img-src * data: blob: unsafe-inline ; media-src * data: blob: unsafe-inline ; frame-src * data: blob: ; style-src * data: blob: unsafe-inline ; font-src * data: blob: unsafe-inline ; frame-ancestors *;
    content-type text/html; charset=UTF-8
    date Tue, 14 Jul 2026 12:43:29 GMT
    etag 62c2c23f933720cb667a8d1406fa6b13-ssl-df
    referrer-policy strict-origin-when-cross-origin
    server Netlify
    strict-transport-security max-age=31536000; includeSubDomains; preload
    vary Accept-Encoding
    x-content-type-options nosniff
    x-frame-options SAMEORIGIN
    x-nf-request-id 01KXGAEQT14ZT7ETJ8SH4A4A38
    x-xss-protection 1; mode=block

    Meta Tags

    title="CSP Provider · Base UI"
    charset="utf-8"
    name="viewport" content="width=device-width, initial-scale=1"
    name="theme-color" media="(prefers-color-scheme: light)" content="white"
    name="theme-color" media="(prefers-color-scheme: dark)" content="black"
    name="description" content="A CSP provider component that applies a nonce to inline <style> and <script> tags rendered by Base UI components, and can disable inline <style> elements."
    name="keywords" content="Base UI CSP Provider,Content Security Policy,CSP nonce,React CSP,Inline script nonce,Inline style nonce"
    property="og:title" content="CSP Provider · Base UI"
    property="og:description" content="A CSP provider component that applies a nonce to inline <style> and <script> tags rendered by Base UI components, and can disable inline <style> elements."
    property="og:url" content="htt????/base-ui.com/react/utils/csp-provider"
    property="og:locale" content="en_US"
    property="og:ttl" content="604800"
    property="og:image:type" content="image/png"
    property="og:image:width" content="1200"
    property="og:image:height" content="630"
    property="og:image" content="htt????/base-ui.com/opengraph-image-12djat.png?b1b9e0366e512854"
    property="og:type" content="article"
    property="article:author" content="htt????/base-ui.com"
    name="twitter:card" content="summary_large_image"
    name="twitter:site" content="@base_ui"
    name="twitter:title" content="CSP Provider · Base UI"
    name="twitter:description" content="A CSP provider component that applies a nonce to inline <style> and <script> tags rendered by Base UI components, and can disable inline <style> elements."
    name="twitter:image:type" content="image/png"
    name="twitter:image:width" content="1200"
    name="twitter:image:height" content="630"
    name="twitter:image" content="htt????/base-ui.com/opengraph-image-12djat.png?b1b9e0366e512854"

    Load Info

    page size22429
    load time (s)0.446052
    redirect count1
    speed download50289
    server IP 15.197.167.90
    * all occurrences of the string "http://" have been changed to "htt???/"