connect-src

Default Attribute

self

Policy Description

The HTTP Content-Security-Policy (CSP) connect-src directive restricts the URLs which can be loaded using script interfaces. The APIs that are restricted are: <a> ping, WindowOrWorkerGlobalScope.fetch, XMLHttpRequest, WebSocket, EventSource, and Navigator.sendBeacon().