# Custom Content Security Policy Settings

### Overview

You can now configure your company's Content Security Policy (CSP) directives, which control where resources can be loaded from and enhance security.

<figure><img src="/files/6AdfBqtTY7wOGto7CBQb" alt=""><figcaption></figcaption></figure>

The new Content Security Policy section can be found in the Settings area of Builder.

<figure><img src="/files/PfFHAnrpqgNAtdiJ1Yc1" alt=""><figcaption></figcaption></figure>

### Supported CSP Directives

The CSP directives that you can configure are listed below:

| Directive    | Description                                                                                                                          |
| ------------ | ------------------------------------------------------------------------------------------------------------------------------------ |
| default-src  | Default policy for loading content such as JavaScript, Images, CSS, Fonts, AJAX requests, Frames, HTML5 Media, and Object resources. |
| connect-src  | Valid sources for XMLHttpRequest, WebSocket, and EventSource connections                                                             |
| font-src     | Valid sources for fonts                                                                                                              |
| frame-src    | Valid sources for nested browsing contexts loaded using elements such as \<frame> and \<iframe>                                      |
| img-src      | Valid sources for images                                                                                                             |
| object-src   | Valid sources for \<object>, \<embed>, and \<applet> elements                                                                        |
| script-src   | Valid sources for JavaScript                                                                                                         |
| style-src    | Valid sources for stylesheets                                                                                                        |
| manifest-src | Valid sources for web app manifests                                                                                                  |
| prefetch-src | Valid sources for \<link rel='prefetch'> elements                                                                                    |
| worker-src   | Valid sources for Worker, SharedWorker, or ServiceWorker scripts                                                                     |
| media-src    | Valid sources for \<audio> and \<video> elements                                                                                     |

You can add and remove values for each directive as needed.

<figure><img src="/files/zdeKl5k0KX4e3wXBFC5v" alt=""><figcaption></figcaption></figure>

When you have added directive values, you will be able to see a generated CSP header in the Policy Preview field at the foot of the Content Security Policy section.

<figure><img src="/files/TCO6RwiE5gt5DmjsCpE6" alt=""><figcaption></figcaption></figure>
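Before saving a policy, it helps to review the generated header for values that undo its protection. The Python script below is an added example, not part of the product: it parses a header value like the one in Policy Preview, checks directive names against the twelve listed above, and flags sources that weaken `script-src` or `object-src`. The sample header and the set of risky sources are constructed assumptions.

```python
# Added example: lint a CSP header value such as the one shown in Policy Preview.
# SUPPORTED is the directive list from this page; RISKY and SAMPLE are assumptions.
SUPPORTED = {
    "default-src", "connect-src", "font-src", "frame-src", "img-src",
    "object-src", "script-src", "style-src", "manifest-src", "prefetch-src",
    "worker-src", "media-src",
}
# Directives that govern executable content and fall back directly to default-src.
CODE_DIRECTIVES = ("script-src", "object-src")
RISKY = {"*", "'unsafe-inline'", "'unsafe-eval'", "data:", "http:", "https:"}
# Constructed sample header, not taken from a real deployment.
SAMPLE = (
    "default-src 'self'; script-src 'self' 'unsafe-inline' "
    "https://cdn.example.com; img-src * data:; frame-ancestors 'none'"
)


def parse_csp(header):
    """Split a CSP header value into {directive: [sources]}."""
    policy = {}
    for part in header.split(";"):
        tokens = part.split()
        if tokens:
            # Browsers ignore a repeated directive, so keep the first occurrence.
            policy.setdefault(tokens[0].lower(), tokens[1:])
    return policy


def lint_csp(header):
    """Return a sorted list of findings for a CSP header value."""
    policy = parse_csp(header)
    findings = [f"{name}: not one of the directives listed on this page"
                for name in policy if name not in SUPPORTED]
    fallback = policy.get("default-src")
    if fallback is None:
        findings.append("default-src: missing, unlisted resource types are unrestricted")
    for name in CODE_DIRECTIVES:
        sources = policy.get(name, fallback)
        if sources is None:
            continue  # no directive and no fallback: covered by the finding above
        origin = name if name in policy else f"{name} (via default-src)"
        for src in sources:
            if src.lower() in RISKY:
                findings.append(f"{origin}: risky source {src}")
    return sorted(findings)


if __name__ == "__main__":
    print("\n".join(lint_csp(SAMPLE)))
```

The `img-src * data:` entry in the sample is not flagged because only directives that control executable content are checked for risky sources.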

