Defines the valid sources for web workers and nested browsing contexts loaded using elements such as and .

Restricts the URLs which can be loaded using script interfaces.

Serves as a fallback for the other fetch directives.

Specifies valid sources for fonts loaded using @font-face.

Specifies valid sources for nested browsing contexts loading using elements such as and .

Specifies valid sources of images and favicons.

Specifies valid sources of application manifest files.

Specifies valid sources for loading media using the , and elements.

Specifies valid sources for the , , and elements.

Specifies valid sources to be prefetched or prerendered.

Specifies valid sources for JavaScript.

Specifies valid sources for JavaScript elements.

Specifies valid sources for JavaScript inline event handlers.

Specifies valid sources for stylesheets.

Specifies valid sources for stylesheets elements and elements with rel="stylesheet".

Specifies valid sources for inline styles applied to individual DOM elements.

Specifies valid sources for Worker, SharedWorker, or ServiceWorker scripts.

Restricts the URLs which can be used in a document's element.

Enables a sandbox for the requested resource similar to the sandbox attribute.

Restricts the URLs which can be used as the target of a form submissions from a given context.

Specifies valid parents that may embed a page using , , , , or .

Restricts the URLs to which a document can initiate navigation by any means, including (if form-action is not specified), , window.location, window.open, etc.

The URI to report CSP violations to.