Default Attribute
self
Policy Description
The HTTP Content-Security-Policy (CSP)
connect-src
directive restricts the URLs which can be loaded using script interfaces. The APIs that are restricted are: <a>
ping, WindowOrWorkerGlobalScope.fetch, XMLHttpRequest, WebSocket, EventSource, and Navigator.sendBeacon().