MDN Web Docs