CSP
fetch directives
are used in a
Content-Security-Policy
header and control locations from which certain resource types may be loaded. For instance,
script-src
allows developers to allow trusted sources of script to execute on a page, while
font-src
controls the sources of web fonts.
All fetch directives fall back to
default-src
. That means, if a fetch directive is absent in the CSP header, the user agent will look for the
default-src
directive.
See
Fetch directives
for a complete list.