default-src Fallback for fetch directives that are not otherwise set.
Temizle 'self' 'none' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic' 'unsafe-hashes' 'wasm-unsafe-eval' 'report-sample'
https: http: data: blob: mediastream: filesystem: ws: wss:
script-src Sources for JavaScript (and other script-like) execution.
Henuz kaynak yok. Direktif default-src'ye dusecek.
'self' 'none' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic' 'unsafe-hashes' 'wasm-unsafe-eval' 'report-sample'
https: http: data: blob: mediastream: filesystem: ws: wss:
Nonce uretNonce'u <script nonce=…> tag'larina aktarmayi unutma. script-src-elem Sources allowed for <script> elements.
Henuz kaynak yok. Direktif default-src'ye dusecek.
'self' 'none' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic' 'unsafe-hashes' 'wasm-unsafe-eval' 'report-sample'
https: http: data: blob: mediastream: filesystem: ws: wss:
Nonce uretNonce'u <script nonce=…> tag'larina aktarmayi unutma. script-src-attr Sources allowed for inline event handlers like onclick.
Henuz kaynak yok. Direktif default-src'ye dusecek.
'self' 'none' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic' 'unsafe-hashes' 'wasm-unsafe-eval' 'report-sample'
https: http: data: blob: mediastream: filesystem: ws: wss:
Nonce uretNonce'u <script nonce=…> tag'larina aktarmayi unutma. style-src Sources for stylesheets — <style>, <link rel=stylesheet>, etc.
Henuz kaynak yok. Direktif default-src'ye dusecek.
'self' 'none' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic' 'unsafe-hashes' 'wasm-unsafe-eval' 'report-sample'
https: http: data: blob: mediastream: filesystem: ws: wss:
Nonce uretNonce'u <script nonce=…> tag'larina aktarmayi unutma. style-src-elem Sources allowed for <style> and <link rel=stylesheet>.
Henuz kaynak yok. Direktif default-src'ye dusecek.
'self' 'none' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic' 'unsafe-hashes' 'wasm-unsafe-eval' 'report-sample'
https: http: data: blob: mediastream: filesystem: ws: wss:
Nonce uretNonce'u <script nonce=…> tag'larina aktarmayi unutma. style-src-attr Sources allowed for inline style attributes.
Henuz kaynak yok. Direktif default-src'ye dusecek.
'self' 'none' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic' 'unsafe-hashes' 'wasm-unsafe-eval' 'report-sample'
https: http: data: blob: mediastream: filesystem: ws: wss:
Nonce uretNonce'u <script nonce=…> tag'larina aktarmayi unutma. img-src Sources for images, including favicons and srcset.
Henuz kaynak yok. Direktif default-src'ye dusecek.
'self' 'none' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic' 'unsafe-hashes' 'wasm-unsafe-eval' 'report-sample'
https: http: data: blob: mediastream: filesystem: ws: wss:
font-src Sources for fonts loaded via @font-face.
Henuz kaynak yok. Direktif default-src'ye dusecek.
'self' 'none' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic' 'unsafe-hashes' 'wasm-unsafe-eval' 'report-sample'
https: http: data: blob: mediastream: filesystem: ws: wss:
connect-src Endpoints reachable via fetch, XHR, WebSocket, EventSource.
Henuz kaynak yok. Direktif default-src'ye dusecek.
'self' 'none' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic' 'unsafe-hashes' 'wasm-unsafe-eval' 'report-sample'
https: http: data: blob: mediastream: filesystem: ws: wss:
media-src Sources for <audio>, <video> and <track>.
Henuz kaynak yok. Direktif default-src'ye dusecek.
'self' 'none' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic' 'unsafe-hashes' 'wasm-unsafe-eval' 'report-sample'
https: http: data: blob: mediastream: filesystem: ws: wss:
object-src Sources for <object>, <embed> and <applet>. Use 'none'.
Temizle 'self' 'none' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic' 'unsafe-hashes' 'wasm-unsafe-eval' 'report-sample'
https: http: data: blob: mediastream: filesystem: ws: wss:
child-src Sources for web workers and nested frames. Replaced by worker-src + frame-src.
Henuz kaynak yok. Direktif default-src'ye dusecek.
'self' 'none' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic' 'unsafe-hashes' 'wasm-unsafe-eval' 'report-sample'
https: http: data: blob: mediastream: filesystem: ws: wss:
frame-src Sources permitted inside <frame> and <iframe>.
Henuz kaynak yok. Direktif default-src'ye dusecek.
'self' 'none' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic' 'unsafe-hashes' 'wasm-unsafe-eval' 'report-sample'
https: http: data: blob: mediastream: filesystem: ws: wss:
worker-src Sources for Worker, SharedWorker and ServiceWorker scripts.
Henuz kaynak yok. Direktif default-src'ye dusecek.
'self' 'none' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic' 'unsafe-hashes' 'wasm-unsafe-eval' 'report-sample'
https: http: data: blob: mediastream: filesystem: ws: wss:
manifest-src Sources for the application manifest file.
Henuz kaynak yok. Direktif default-src'ye dusecek.
'self' 'none' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic' 'unsafe-hashes' 'wasm-unsafe-eval' 'report-sample'
https: http: data: blob: mediastream: filesystem: ws: wss:
prefetch-src Sources for prefetched / prerendered resources (deprecated).
Henuz kaynak yok. Direktif default-src'ye dusecek.
'self' 'none' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic' 'unsafe-hashes' 'wasm-unsafe-eval' 'report-sample'
https: http: data: blob: mediastream: filesystem: ws: wss: