CoCalc -- index.md

GitHub Repository: mohamedkhallouq/content
Path: blob/main/files/en-us/web/http/headers/content-security-policy/prefetch-src/index.md
⁶⁵²¹ views

---

title: "CSP: prefetch-src"
slug: Web/HTTP/Headers/Content-Security-Policy/prefetch-src
status:
  - experimental
browser-compat: http.headers.Content-Security-Policy.prefetch-src

---

The HTTP {{HTTPHeader("Content-Security-Policy")}} (CSP) prefetch-src directive specifies valid resources that may be prefetched or prerendered.

CSP version	3
Directive type	{{Glossary("Fetch directive")}}
{{CSP("default-src")}} fallback	Yes. If this directive is absent, the user agent will look for the `default-src` directive.

Syntax

One or more sources can be allowed for the prefetch-src policy:

Content-Security-Policy: prefetch-src <source>;
Content-Security-Policy: prefetch-src <source> <source>;

Sources

<source> can be any one of the values listed in CSP Source Values.

Note that this same set of values can be used in all {{Glossary("fetch directive", "fetch directives")}} (and a number of other directives).

Example

Prefetch resources do not match header

Given a page with the following Content Security Policy:

Content-Security-Policy: prefetch-src https://example.com/

Fetches for the following code will return network errors, as the URLs provided do not match prefetch-src's source list:

<link rel="prefetch" href="https://example.org/" />
<link rel="prerender" href="https://example.org/" />

Syntax

Sources

Example

Prefetch resources do not match header

Specifications

Browser compatibility

See also

Product

Resources

Company