Custom Content Security Policy Settings

Overview

You can now configure your company's Content Security Policy (CSP) directives, which control where resources can be loaded from and enhance security.

The new Content Security Policy section can be found in the Settings area of Builder.

Supported CSP Directives

The CSP directives that you can configure are listed below:

default-src

Default policy for loading content such as JavaScript, Images, CSS, Fonts, AJAX requests, Frames, HTML5 Media, and Object resources.

connect-src

Valid sources for XMLHttpRequest, WebSocket, and EventSource connections

font-src

Valid sources for fonts

frame-src

Valid sources for nested browsing contexts loaded using elements such as <frame> and <iframe>

img-src

Valid sources for images

object-src

Valid sources for <object>, <embed>, and <applet> elements

script-src

Valid sources for JavaScript

style-src

Valid sources for stylesheets

manifest-src

Valid sources for web app manifests

prefetch-src

Valid sources for <link rel='prefetch'> elements

worker-src

Valid sources for Worker, SharedWorker, or ServiceWorker scripts

media-src

Valid sources for <audio> and <video> elements

Each directive will allow you to add and remove values when needed.

When you have added directive values, you will be able to see a generated CSP header in the Policy Preview field at the foot of the Content Security Policy section.
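As an added illustration (not Builder's own code), the sketch below shows how per-directive values combine into a single header value like the one in the Policy Preview field, and how to review them for overly broad entries before saving. The function names, the settings object shape, and the sample values are assumptions made for this example.

```javascript
// Added example, not Builder's code. Directive names are the twelve listed on this page.
const SUPPORTED = new Set([
  "default-src", "connect-src", "font-src", "frame-src", "img-src", "object-src",
  "script-src", "style-src", "manifest-src", "prefetch-src", "worker-src", "media-src",
]);

// Values that widen a policy enough to deserve a second look before saving.
const RISKY = new Set(["*", "'unsafe-inline'", "'unsafe-eval'"]);

// Turn { directive: [values] } into one Content-Security-Policy header value.
function buildCspHeader(settings) {
  const parts = [];
  for (const [name, values] of Object.entries(settings)) {
    if (!SUPPORTED.has(name)) throw new Error(`unsupported directive: ${name}`);
    const unique = [...new Set(values.map((v) => v.trim()).filter(Boolean))];
    for (const v of unique) {
      // A ';', ',' or space inside a value would start a new directive or policy.
      if (/[;,\s]/.test(v)) throw new Error(`invalid source expression: ${v}`);
    }
    if (unique.length > 0) parts.push(`${name} ${unique.join(" ")}`);
  }
  return parts.join("; ");
}

// Report broad values, and script-src/object-src left with no restriction at all
// (both fall back to default-src when unset, so they are open only if it is unset too).
function reviewCsp(settings) {
  const findings = [];
  for (const [name, values] of Object.entries(settings)) {
    for (const v of values) {
      if (RISKY.has(v.trim())) findings.push(`${name}: ${v.trim()} is broad`);
    }
  }
  const hasDefault = (settings["default-src"] || []).length > 0;
  for (const name of ["script-src", "object-src"]) {
    if (!hasDefault && !(settings[name] || []).length) {
      findings.push(`${name}: not set and no default-src fallback`);
    }
  }
  return findings;
}

// Constructed sample settings (hypothetical hosts and values).
const sample = {
  "default-src": ["'self'"],
  "script-src": ["'self'", "https://cdn.example.com", "'unsafe-inline'"],
  "img-src": ["'self'", "data:", "data:"],
  "object-src": ["'none'"],
};
console.log(buildCspHeader(sample), reviewCsp(sample));
```

Duplicate values are collapsed and empty directives are omitted, so the output is a compact header value that can be compared against the preview.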
