CSP directives supported by policies
Page Shield monitors scripts loaded on your website and the connections they make. Monitored resources are displayed in the Monitors dashboard.
Page Shield policies support most Content Security Policy (CSP) directives, covering both monitored and unmonitored resources. You can use a policy to control other types of resources besides scripts and their connections, even though Page Shield is not monitoring these resources.
Each CSP directive can contain multiple values, including schemes, hostnames, URIs, and special keywords between single quotes (such as 'none'). Hostname and URI values support a * wildcard for the leftmost subdomain.
The following table lists the supported CSP directives and keywords you can use in Page Shield policies:
Directive | Name in the dashboard | Supported keywords | Monitored |
---|---|---|---|
script-src | Scripts | 'none' 'self' 'unsafe-inline' 'unsafe-eval' | Yes |
connect-src | Connections | 'none' 'self' 'unsafe-inline' 'unsafe-eval' | Yes |
default-src | Default | 'none' 'self' 'unsafe-inline' 'unsafe-eval' | No |
img-src | Images | 'none' 'self' 'unsafe-inline' 'unsafe-eval' | No |
style-src | Styles | 'none' 'self' 'unsafe-inline' 'unsafe-eval' | No |
font-src | Fonts | 'none' 'self' 'unsafe-inline' 'unsafe-eval' | No |
object-src | Objects | 'none' 'self' 'unsafe-inline' 'unsafe-eval' | No |
media-src | Media | 'none' 'self' 'unsafe-inline' 'unsafe-eval' | No |
child-src | Child | 'none' 'self' 'unsafe-inline' 'unsafe-eval' | No |
form-action | Form actions | 'none' 'self' 'unsafe-inline' 'unsafe-eval' | No |
worker-src | Workers | 'none' 'self' 'unsafe-inline' 'unsafe-eval' | No |
base-uri | Base URI | 'none' 'self' 'unsafe-inline' 'unsafe-eval' | No |
manifest-src | Manifests | 'none' 'self' 'unsafe-inline' 'unsafe-eval' | No |
frame-src | Frames | 'none' 'self' 'unsafe-inline' 'unsafe-eval' | No |
frame-ancestors | Frame ancestors | 'none' 'self' | No |
upgrade-insecure-requests | Upgrade insecure requests | N/A | No |
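
The leftmost-subdomain wildcard and the keywords in the table above can be checked against candidate URLs with a simplified matcher that follows standard CSP source-expression semantics. This is an added JavaScript example, not part of the original page and not Cloudflare's code. The function names and the `.example` hostnames are constructed for illustration, and this page does not show how Page Shield itself evaluates a policy.

```javascript
// Added illustration: simplified CSP source matching (not Cloudflare's code).
// Handles 'none', 'self', scheme sources ("https:") and host sources with an
// optional "*." leftmost-label wildcard, port and path. Bare "*" is out of scope.
const DEFAULT_PORT = { 'http:': '80', 'https:': '443' };

function parseHostSource(expr) {
  const m = /^(?:([a-z][a-z0-9+.-]*):\/\/)?([^\/:]+)(?::(\d+|\*))?(\/.*)?$/i.exec(expr);
  if (!m) return null;
  const host = m[2].toLowerCase();
  // The wildcard is only valid as the whole leftmost label: "*.example.com".
  if (host.includes('*') && !/^\*\.[^*]+$/.test(host)) return null;
  return { scheme: m[1] && m[1].toLowerCase() + ':', host, port: m[3], path: m[4] };
}

function matchesSource(expr, resourceUrl, pageOrigin) {
  const url = new URL(resourceUrl);
  if (expr === "'none'") return false;
  if (expr === "'self'") return url.origin === pageOrigin;
  if (/^[a-z][a-z0-9+.-]*:$/i.test(expr)) return url.protocol === expr.toLowerCase();
  const src = parseHostSource(expr);
  if (!src) return false; // 'unsafe-inline' / 'unsafe-eval' parse but never equal a hostname
  // Simplification: a scheme-less source accepts the page's scheme or https.
  const schemes = src.scheme ? [src.scheme] : [new URL(pageOrigin).protocol, 'https:'];
  if (!schemes.includes(url.protocol)) return false;
  const urlPort = url.port || DEFAULT_PORT[url.protocol];
  if (src.port ? (src.port !== '*' && src.port !== urlPort) : url.port !== '') return false;
  const hostOk = src.host.startsWith('*.')
    ? url.hostname.endsWith(src.host.slice(1)) // ".cdn.example": subdomains, not the apex
    : url.hostname === src.host;
  if (!hostOk) return false;
  if (!src.path) return true;
  // A path ending in "/" is a prefix match; any other path must match exactly.
  return src.path.endsWith('/') ? url.pathname.startsWith(src.path) : url.pathname === src.path;
}

// A resource is allowed when any value of the directive matches it.
function isAllowed(directiveValue, resourceUrl, pageOrigin) {
  return directiveValue.trim().split(/\s+/).some((v) => matchesSource(v, resourceUrl, pageOrigin));
}

// Constructed sample: a script-src value and the page it protects.
const PAGE = 'https://shop.example';
const SCRIPT_SRC = "'self' *.cdn.example https://pay.example/sdk/";
```

With this sample value, `*.cdn.example` covers `static.cdn.example` and deeper subdomains, but not the apex `cdn.example` or a look-alike such as `evilcdn.example`, so the apex needs its own entry if scripts are served from it.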
More resources
For more information on CSP directives and their values, refer to the following resources in the MDN documentation: