Skip to content
Web Monetization logoWeb Monetization
GitHub

Content-Security-Policy: monetization-src

The monetization-src directive within the HTTP Content-Security-Policy (CSP) allows you to restrict the URLs from which a payment pointer can be loaded.

CSP version3
Directive type

Fetch directive

Syntax

The basic syntax is as follows, where source is a serialized source list. More than one source can be allowed for the monetization-src policy:

Content-Security-Policy: monetization-src <source>;
Content-Security-Policy: monetization-src <source>, <source>;

Sources

<source> can be any one of the values listed in CSP Source Values.

Example

Violation case

A website administrator wants to restrict the URLs from which a payment pointer can be loaded.

Given this CSP header:

Content-Security-Policy: monetization-src https://www.wallet.example;

Fetches for the following monetization source will return a network error and not load, as the URL does not match the URL defined in the CSP source list.

<link rel="monetization" href="https://example.test/payment-pointer" />

Specifications