Content Security Policy directives

Content-Security-Policy is the name of a HTTP response header that modern browsers use to enhance the security of the document (or web page). The Content-Security-Policy header allows you to restrict how resources such as JavaScript, CSS, or pretty much anything that the browser loads.

Although it is primarily used as a HTTP response header, you can also apply it via a meta tag.

The term Content Security Policy is often abbreviated as CSP.

Content Security Policy is supported by all the major modern browsers, and has been for many years. It is not supported in Internet Explorer.

The Content-Security-Policy header value is made up of one or more directives. The directives necessary for the Fundraise Up platform to function are listed below:

1connect-src
2  fndrsp.net
3  fndrsp-checkout.net
4  *.fundraiseup.com
5  *.stripe.com
6  *.paypal.com // optional, for PayPal payments
7  *.plaid.com // optional, for US bank transfers or stock donations
8  *.mastercard.com // optional, for Click To Pay
9  *.checkout.visa.com // optional, for Click To Pay
10  api.addressy.com // optional, for UK based accounts
11
12script-src
13  *.fundraiseup.com
14  *.stripe.com
15  m.stripe.network
16  *.plaid.com // optional, for US bank transfers or stock donations
17  *.src.mastercard.com // optional, for Click To Pay
18  *.checkout.visa.com // optional, for Click To Pay
19  pay.google.com // optional, for Google Pay
20  *.paypal.com // optional, for PayPal payments
21
22frame-src
23   *.fundraiseup.com
24   *.stripe.com
25   *.plaid.com // optional, for US bank transfers or stock donations
26   *.paypal.com // optional, for PayPal payments
27   pay.google.com // optional, for Google Pay
28
29img-src
30   data:
31   *.fundraiseup.com
32   ucarecdn.com
33   pay.google.com // optional, for Google Pay
34
35font-src
36   *.fundraiseup.com
37   *.stripe.com
38
39style-src
40  'unsafe-inline'

Still need help?

Need help with something not covered in Support Center? Connect with a support engineer for more assistance.
Email us