{"id":1002,"date":"2025-06-16T08:55:27","date_gmt":"2025-06-16T08:55:27","guid":{"rendered":"https:\/\/www.img.vision\/help\/?p=1002"},"modified":"2025-06-16T08:58:22","modified_gmt":"2025-06-16T08:58:22","slug":"i-use-content-security-csp-on-my-website-what-domains-do-i-need-to-add-to-which-directives","status":"publish","type":"post","link":"https:\/\/www.img.vision\/help\/getting-started\/video-streaming\/i-use-content-security-csp-on-my-website-what-domains-do-i-need-to-add-to-which-directives\/","title":{"rendered":"I use Content Security (CSP) on my website, what domains do I need to add to which directives?"},"content":{"rendered":"\n<p>On the web, it is common for servers to add CORS (Cross-Origin Resource Sharing) headers to responses they serve to the browser. These headers serve as a security measure to restrict what the web page can actually load (since the browser respects the headers\u2019 directives and will not load assets not specified explicitly). Web pages usually don\u2019t want a script or some other asset to be loaded from just anywhere, only from a whitelist of allowed domains.<\/p>\n\n\n\n<p>One of these headers is the <a href=\"https:\/\/content-security-policy.com\/\" target=\"_blank\" rel=\"noreferrer noopener\">Content-Security-Policy<\/a> header.<\/p>\n\n\n\n<p>For the purpose of embedding videos in websites, users add a directive to the header their server serves. 
More specifically:<\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li><strong>iframe option<\/strong> &#8211; If you are embedding a video using our player, you should set the <code>Content-Security-Policy: frame-src 'self' videodelivery.net *.cloudflarestream.com<\/code> CSP header directive, which allows iframes to be loaded from the specified domains.<\/li>\n\n\n\n<li><strong>embed option<\/strong> &#8211; The same config as above will work.<\/li>\n\n\n\n<li><strong>direct link option + custom player<\/strong> &#8211; You need to add the <code>Content-Security-Policy: media-src 'self' videodelivery.net *.cloudflarestream.com; img-src 'self' *.videodelivery.net *.cloudflarestream.com; connect-src 'self' *.videodelivery.net *.cloudflarestream.com<\/code> CSP header directive, which allows media files to be loaded from the specified domains.<\/li>\n<\/ol>\n\n\n\n<p>Web apps which don\u2019t enforce CORS headers (low security) don\u2019t need these directives configured at all.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>On the web, it is common for servers to add CORS (Cross-Origin Resource Sharing) headers to responses they serve to the browser. These headers serve as a security measure to restrict what the web page can actually load (since the browser respects the headers\u2019 directives and will not load assets not specified explicitly). 
Web pages don\u2019t [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"_swt_meta_header_display":false,"_swt_meta_footer_display":false,"_swt_meta_site_title_display":false,"_swt_meta_sticky_header":false,"_swt_meta_transparent_header":false,"footnotes":""},"categories":[447],"tags":[],"class_list":["post-1002","post","type-post","status-publish","format-standard","hentry","category-video-streaming"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.4 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>I use Content Security (CSP) on my website, what domains do I need to add to which directives?<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.img.vision\/help\/getting-started\/video-streaming\/i-use-content-security-csp-on-my-website-what-domains-do-i-need-to-add-to-which-directives\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"I use Content Security (CSP) on my website, what domains do I need to add to which directives?\" \/>\n<meta property=\"og:description\" content=\"On the web, it is common for servers to add CORS (Cross-Origin Resource Sharing) headers to responses they serve to the browser. These headers serve a security measure to restrict what the web page can actually load (since the browser respect the headers directives and will not load assets not specified explicitly). 
Web pages don\u2019t [&hellip;]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.img.vision\/help\/getting-started\/video-streaming\/i-use-content-security-csp-on-my-website-what-domains-do-i-need-to-add-to-which-directives\/\" \/>\n<meta property=\"og:site_name\" content=\"Img.vision Help Center\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/wwwimgvision\" \/>\n<meta property=\"article:published_time\" content=\"2025-06-16T08:55:27+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2025-06-16T08:58:22+00:00\" \/>\n<meta name=\"author\" content=\"Mathias\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@ImgVision\" \/>\n<meta name=\"twitter:site\" content=\"@ImgVision\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Mathias\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"1 minute\" \/>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"I use Content Security (CSP) on my website, what domains do I need to add to which directives?","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.img.vision\/help\/getting-started\/video-streaming\/i-use-content-security-csp-on-my-website-what-domains-do-i-need-to-add-to-which-directives\/","og_locale":"en_US","og_type":"article","og_title":"I use Content Security (CSP) on my website, what domains do I need to add to which directives?","og_description":"On the web, it is common for servers to add CORS (Cross-Origin Resource Sharing) headers to responses they serve to the browser. 
These headers serve a security measure to restrict what the web page can actually load (since the browser respect the headers directives and will not load assets not specified explicitly). Web pages don\u2019t [&hellip;]","og_url":"https:\/\/www.img.vision\/help\/getting-started\/video-streaming\/i-use-content-security-csp-on-my-website-what-domains-do-i-need-to-add-to-which-directives\/","og_site_name":"Img.vision Help Center","article_publisher":"https:\/\/www.facebook.com\/wwwimgvision","article_published_time":"2025-06-16T08:55:27+00:00","article_modified_time":"2025-06-16T08:58:22+00:00","author":"Mathias","twitter_card":"summary_large_image","twitter_creator":"@ImgVision","twitter_site":"@ImgVision","twitter_misc":{"Written by":"Mathias","Est. reading time":"1 minute"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.img.vision\/help\/getting-started\/video-streaming\/i-use-content-security-csp-on-my-website-what-domains-do-i-need-to-add-to-which-directives\/#article","isPartOf":{"@id":"https:\/\/www.img.vision\/help\/getting-started\/video-streaming\/i-use-content-security-csp-on-my-website-what-domains-do-i-need-to-add-to-which-directives\/"},"author":{"name":"Mathias","@id":"https:\/\/www.img.vision\/help\/#\/schema\/person\/bfbb2fdceadd8d9e3f1a0712376252d7"},"headline":"I use Content Security (CSP) on my website, what domains do I need to add to which directives?","datePublished":"2025-06-16T08:55:27+00:00","dateModified":"2025-06-16T08:58:22+00:00","mainEntityOfPage":{"@id":"https:\/\/www.img.vision\/help\/getting-started\/video-streaming\/i-use-content-security-csp-on-my-website-what-domains-do-i-need-to-add-to-which-directives\/"},"wordCount":201,"publisher":{"@id":"https:\/\/www.img.vision\/help\/#organization"},"articleSection":["Video 
streaming"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.img.vision\/help\/getting-started\/video-streaming\/i-use-content-security-csp-on-my-website-what-domains-do-i-need-to-add-to-which-directives\/","url":"https:\/\/www.img.vision\/help\/getting-started\/video-streaming\/i-use-content-security-csp-on-my-website-what-domains-do-i-need-to-add-to-which-directives\/","name":"I use Content Security (CSP) on my website, what domains do I need to add to which directives?","isPartOf":{"@id":"https:\/\/www.img.vision\/help\/#website"},"datePublished":"2025-06-16T08:55:27+00:00","dateModified":"2025-06-16T08:58:22+00:00","breadcrumb":{"@id":"https:\/\/www.img.vision\/help\/getting-started\/video-streaming\/i-use-content-security-csp-on-my-website-what-domains-do-i-need-to-add-to-which-directives\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.img.vision\/help\/getting-started\/video-streaming\/i-use-content-security-csp-on-my-website-what-domains-do-i-need-to-add-to-which-directives\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/www.img.vision\/help\/getting-started\/video-streaming\/i-use-content-security-csp-on-my-website-what-domains-do-i-need-to-add-to-which-directives\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Img.vision Help Center","item":"https:\/\/www.img.vision\/help\/"},{"@type":"ListItem","position":2,"name":"Getting Started","item":"https:\/\/www.img.vision\/help\/category\/getting-started\/"},{"@type":"ListItem","position":3,"name":"Video streaming","item":"https:\/\/www.img.vision\/help\/category\/getting-started\/video-streaming\/"},{"@type":"ListItem","position":4,"name":"I use Content Security (CSP) on my website, what domains do I need to add to which 
directives?"}]},{"@type":"WebSite","@id":"https:\/\/www.img.vision\/help\/#website","url":"https:\/\/www.img.vision\/help\/","name":"Img.vision","description":"","publisher":{"@id":"https:\/\/www.img.vision\/help\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.img.vision\/help\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.img.vision\/help\/#organization","name":"Img.vision","url":"https:\/\/www.img.vision\/help\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.img.vision\/help\/#\/schema\/logo\/image\/","url":"https:\/\/www.img.vision\/help\/wp-content\/uploads\/sites\/2\/2022\/12\/cropped-img-help-logo-copy.webp","contentUrl":"https:\/\/www.img.vision\/help\/wp-content\/uploads\/sites\/2\/2022\/12\/cropped-img-help-logo-copy.webp","width":180,"height":60,"caption":"Img.vision"},"image":{"@id":"https:\/\/www.img.vision\/help\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/wwwimgvision","https:\/\/x.com\/ImgVision","https:\/\/www.linkedin.com\/company\/img-vision\/","https:\/\/www.youtube.com\/@mathiasimgvision"]},{"@type":"Person","@id":"https:\/\/www.img.vision\/help\/#\/schema\/person\/bfbb2fdceadd8d9e3f1a0712376252d7","name":"Mathias","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/4d6123d948b5b8d345d7ec3904ded255b32bc2e3ef265262a92a7c7e07993f98?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/4d6123d948b5b8d345d7ec3904ded255b32bc2e3ef265262a92a7c7e07993f98?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/4d6123d948b5b8d345d7ec3904ded255b32bc2e3ef265262a92a7c7e07993f98?s=96&d=mm&r=g","caption":"Mathias"},"description":"Founder of Img.vision service and interested in everything related to image hosting and video 
hosting.","sameAs":["https:\/\/www.img.vision","https:\/\/www.linkedin.com\/in\/mathiasvolckaert\/"]}]}},"_links":{"self":[{"href":"https:\/\/www.img.vision\/help\/wp-json\/wp\/v2\/posts\/1002","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.img.vision\/help\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.img.vision\/help\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.img.vision\/help\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.img.vision\/help\/wp-json\/wp\/v2\/comments?post=1002"}],"version-history":[{"count":2,"href":"https:\/\/www.img.vision\/help\/wp-json\/wp\/v2\/posts\/1002\/revisions"}],"predecessor-version":[{"id":1005,"href":"https:\/\/www.img.vision\/help\/wp-json\/wp\/v2\/posts\/1002\/revisions\/1005"}],"wp:attachment":[{"href":"https:\/\/www.img.vision\/help\/wp-json\/wp\/v2\/media?parent=1002"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.img.vision\/help\/wp-json\/wp\/v2\/categories?post=1002"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.img.vision\/help\/wp-json\/wp\/v2\/tags?post=1002"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}