# Custom Content Security Policy Settings

You can configure your company's CSP directives controlling resource loading and enhanced security via the custom content security policy settings in Builder.

<figure><img src="/files/Wr76izfCPsgU4SmHwZEA" alt=""><figcaption></figcaption></figure>

The Content Security Policy section can be found in the Settings area of Builder.&#x20;

<figure><img src="/files/yzvRirLHGqNATMwToZPG" alt=""><figcaption></figcaption></figure>

### Supported CSP Directives

The CSP directives that you can configure are listed below:

| <p><br>default-src</p> | Default policy for loading content such as JavaScript, Images, CSS, Fonts, AJAX requests, Frames, HTML5 Media, and Object resources. |
| ---------------------- | ------------------------------------------------------------------------------------------------------------------------------------ |
| connect-src            | Valid sources for XMLHttpRequest, WebSocket, and EventSource connections                                                             |
| font-src               | Valid sources for fonts                                                                                                              |
| frame-src              | Valid sources for nested browsing contexts loading using elements such as \<frame> and \<iframe>                                     |
| img-src                | Valid sources for images                                                                                                             |
| object-src             | Valid sources for \<object>, \<embed>, and \<applet> elements                                                                        |
| script-src             | Valid sources for JavaScript                                                                                                         |
| style-src              | Valid sources for stylesheets                                                                                                        |
| manifest-src           | Valid sources for web app manifests                                                                                                  |
| prefetch-src           | Valid sources for \<link rel='prefetch'> elements                                                                                    |
| worker-src             | Valid sources for Worker, SharedWorker, or ServiceWorker scripts                                                                     |
| media-src              | Valid sources for \<audio> and \<video> elements                                                                                     |

You can add and remove values for each directive whenever you need.

<figure><img src="/files/GuxWf6KwSLxtBkDK2aJo" alt=""><figcaption></figcaption></figure>

When you have added directive values, you will see a generated CSP header in the Policy Preview field at the foot of the Content Security Policy section.

<figure><img src="/files/mtWcPXqZlHPEdphRBSdn" alt=""><figcaption></figcaption></figure>


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.enate.net/enate-help/builder/builder-2021.1/system-wide-settings/custom-content-security-policy-settings.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.