Fetch directive

{{Glossary("CSP")}}  fetch directives are used in a {{HTTPHeader("Content-Security-Policy")}}  header and control locations from which certain resource types may be loaded. For instance, {{CSP("script-src")}}  allows developers to allow trusted sources of script to execute on a page, while {{CSP("font-src")}}  controls the sources of web fonts.

All fetch directives fall back to {{CSP("default-src")}} . That means, if a fetch directive is absent in the CSP header, the user agent will look for the default-src directive.

See Fetch directives for a complete list.

See also

• Related glossary terms:
  • {{Glossary("CSP")}} 
  • {{Glossary("Reporting directive")}} 
  • {{Glossary("Document directive")}} 
  • {{Glossary("Navigation directive")}} 
• Reference
  • Fetch directives specification
  • {{HTTPHeader("Content-Security-Policy/upgrade-insecure-requests", "upgrade-insecure-requests")}} 
  • {{HTTPHeader("Content-Security-Policy/block-all-mixed-content", "block-all-mixed-content")}} 
  • {{HTTPHeader("Content-Security-Policy")}}