-
Notifications
You must be signed in to change notification settings - Fork 0
Directive: prefetch src
Ryan Parman edited this page Jun 14, 2024
·
8 revisions
Caution
Obsolete: The prefetch-src directive existed in an earlier draft of the CSP Level 3 (Draft) specification, but was removed.
The prefetch-src directive was meant to restrict link rel=prefetch and link rel=prerender before it was removed from the spec — the latter of which has been removed from the HTML specification. In its place, see the Speculation Rules API.
Affects: <link rel=prefetch> and <link rel=prerender>
Required reading:
✅ prefetch-src will fallback to default-src if it is undefined.
-
CSP-0803 — [ERROR] directive
%swas experimental in CSP3, but should now be removed from CSP policies
Content licensed under CC BY-SA.
- 🧪 Experimental, with limited support
⚠️ Important notes on usage- 🚫 Deprecated or obsolete
- base-uri
- block-all-mixed-content 🚫
- child-src
- connect-src
- default-src
- fenced-frame-src 🧪
- font-src
- form-action
- frame-ancestors
- frame-src
- img-src
- manifest-src
- media-src
- navigate-to 🚫
- object-src
- plugin-types 🚫
- prefetch-src 🚫
- referrer 🚫
- report-to 🧪
-
report-uri
⚠️ - require-trusted-types-for 🧪
- sandbox
- script-src-attr
- script-src-elem
- script-src
- style-src-attr
- style-src-elem
- style-src
- trusted-types 🧪
- upgrade-insecure-requests
- webrtc
- worker-src