Content Security Policy directives

Content-Security-Policy is the name of an HTTP response header that modern browsers use to enhance the security of the document (or web page). The Content-Security-Policy header allows you to restrict how resources such as JavaScript, CSS, or pretty much anything else that the browser loads can be loaded.

Although it is primarily used as an HTTP response header, you can also apply it via a meta tag.

The term Content Security Policy is often abbreviated as CSP.

Content Security Policy is supported by all the major modern browsers, and has been for many years. It is not supported in Internet Explorer.

The Content-Security-Policy header value is made up of one or more directives. The directives necessary for the Fundraise Up platform to function are listed below:

connect-src
  fndrsp.net
  fndrsp-checkout.net
  *.fundraiseup.com
  *.stripe.com
  *.paypal.com // optional, for paypal payments
  *.paypalobjects.com // optional, for paypal payments
  *.plaid.com // optional, for bank transfers or stock donations
  *.mastercard.com // optional, for click to pay
  *.checkout.visa.com // optional, for click to pay
  pay.google.com // optional, for google pay
  https://google.com/pay // optional, for google pay
  api.addressy.com // optional, for UK based accounts

script-src
  *.fundraiseup.com
  *.stripe.com
  m.stripe.network
  *.plaid.com // optional, for bank transfers or stock donations
  *.src.mastercard.com // optional, for click to pay
  *.checkout.visa.com // optional, for click to pay
  pay.google.com // optional, for google pay
  *.paypal.com // optional, for paypal payments
  *.paypalobjects.com // optional, for paypal payments

frame-src
  *.fundraiseup.com
  *.stripe.com
  *.src.mastercard.com // optional, for click to pay
  *.checkout.visa.com // optional, for click to pay
  *.plaid.com // optional, for bank transfers or stock donations
  *.paypal.com // optional, for paypal payments
  pay.google.com // optional, for google pay

img-src
  data:
  *.fundraiseup.com
  ucarecdn.com
  pay.google.com // optional, for google pay
  *.paypalobjects.com // optional, for paypal payments

font-src
  *.fundraiseup.com
  *.stripe.com

style-src
  'unsafe-inline'
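
An added example (not Fundraise Up's own code): the listing above uses line breaks and `//` annotations, neither of which is valid inside a header value, so this Python sketch assembles the single-line value and includes optional sources only for the features a site actually enables. The feature keys and the `build_csp` function are names assumed for this example.

```python
# Added example: builds a CSP header value from the directive listing above.
# Feature keys ("paypal", "plaid", ...) are labels invented for this example.
REQUIRED = {
    "connect-src": ["fndrsp.net", "fndrsp-checkout.net", "*.fundraiseup.com", "*.stripe.com"],
    "script-src": ["*.fundraiseup.com", "*.stripe.com", "m.stripe.network"],
    "frame-src": ["*.fundraiseup.com", "*.stripe.com"],
    "img-src": ["data:", "*.fundraiseup.com", "ucarecdn.com"],
    "font-src": ["*.fundraiseup.com", "*.stripe.com"],
    "style-src": ["'unsafe-inline'"],
}
OPTIONAL = {
    "paypal": {
        "connect-src": ["*.paypal.com", "*.paypalobjects.com"],
        "script-src": ["*.paypal.com", "*.paypalobjects.com"],
        "frame-src": ["*.paypal.com"],
        "img-src": ["*.paypalobjects.com"],
    },
    "plaid": {d: ["*.plaid.com"] for d in ("connect-src", "script-src", "frame-src")},
    "click_to_pay": {
        "connect-src": ["*.mastercard.com", "*.checkout.visa.com"],
        "script-src": ["*.src.mastercard.com", "*.checkout.visa.com"],
        "frame-src": ["*.src.mastercard.com", "*.checkout.visa.com"],
    },
    "google_pay": {
        "connect-src": ["pay.google.com", "https://google.com/pay"],
        "script-src": ["pay.google.com"],
        "frame-src": ["pay.google.com"],
        "img-src": ["pay.google.com"],
    },
    "uk_address_lookup": {"connect-src": ["api.addressy.com"]},
}

def build_csp(features=(), existing=None):
    """Merge the site's existing sources, the required sources, and the
    sources of each enabled optional feature into one header value."""
    unknown = set(features) - set(OPTIONAL)
    if unknown:
        raise ValueError(f"unknown feature(s): {sorted(unknown)}")
    policy = {d: list(s) for d, s in (existing or {}).items()}
    for group in [REQUIRED] + [OPTIONAL[f] for f in features]:
        for directive, sources in group.items():
            merged = policy.setdefault(directive, [])
            # 'none' cannot be combined with other sources.
            if "'none'" in merged:
                merged.remove("'none'")
            merged.extend(s for s in sources if s not in merged)
    return "; ".join(f"{d} {' '.join(s)}" for d, s in policy.items())
```

Pass the site's current policy as `existing` so its own sources, such as `'self'`, are kept alongside the platform's. Note that browsers ignore `'unsafe-inline'` in a directive that also carries a nonce or hash source.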
