Skip to main content

CSP: monetization-src

The Content-Security-Policy (CSP) monetization-src directive restricts the list of URLs from which a payment endpoint is loaded.

Syntax

One or more sources may be allowed for the monetization-src policy:

Content-Security-Policy: monetization-src
<source />
; Content-Security-Policy: monetization-src
<source />
,
<source />
;

Sources

<source> can be any one of the values listed in CSP Source Values.

Examples

Violation cases

Given this CSP header:

Content-Security-Policy: monetization-src https://www.example.com

The following monetization source will not load, as the url doesn't match the one defined in the Content-Security-Policy:

<link rel="monetization" href="https://example.org/payment-pointer" />

Specifications

Browser compatibility

desktopmobile
Chrome
Edge
Firefox
Internet Explorer
Opera
Safari
WebView Android
Chrome Android
Firefox for Android
Opera Android
Safari on iOS
Samsung Internet
Puma Browser
monetization-src
YesYesYesNoYesNoNoNoNoNoNoNoYes
Full Support
No Support
You'll need to use a Web Monetization Extension