Skip to main content

CSP: monetization-src

The Content-Security-Policy (CSP) monetization-src directive restricts the list of URLs from which a payment endpoint is loaded.

Syntax

One or more sources may be allowed for the monetization-src policy:

Content-Security-Policy: monetization-src <source>;
Content-Security-Policy: monetization-src <source>, <source>;

Sources

<source> can be any one of the values listed in CSP Source Values.

Examples

Violation cases

Given this CSP header:

Content-Security-Policy: monetization-src https://www.example.com

The following monetization source will not load, as the url doesn't match the one defined in the Content-Security-Policy:

<link rel="monetization" href="https://example.org/payment-pointer">

Specifications

Browser compatibility