Security

Content Security Policy (CSP)

A Content Security Policy (CSP) is a security measure that helps prevent various types of attacks, such as cross-site scripting (XSS) and data injection, by specifying which sources of content are allowed to be loaded and executed.

If you are using a CSP, please make sure you include the required sources as shown in the table below:

| Directive | Value to include |
| --- | --- |
| script-src | https://*.captchafox.com blob: |
| connect-src | https://*.captchafox.com |
| style-src | https://*.captchafox.com |
| img-src | https://*.captchafox.com |
| media-src | https://*.captchafox.com |

Nonce

A nonce (number used once) is a randomly generated, unique value added to the nonce attribute of a <script> tag to control which inline scripts are allowed to run on a webpage under a Content Security Policy (CSP).

If you use a nonce-based approach to load script tags, make sure the api.js script tag also carries your nonce.

Example:

<script nonce="<NONCE>" async defer src="https://cdn.captchafox.com/api.js"></script>
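The following Node.js sketch is an added example, not CaptchaFox code: it merges the sources from the table into a site's existing policy, generates a per-response nonce, and emits the matching api.js tag. The function names and the `sitePolicy` shape (directive name mapped to an array of sources) are assumptions made for illustration.

```javascript
const crypto = require('node:crypto');

// Sources from the table on this page, keyed by CSP directive.
const CAPTCHAFOX_SOURCES = {
  'script-src': ['https://*.captchafox.com', 'blob:'],
  'connect-src': ['https://*.captchafox.com'],
  'style-src': ['https://*.captchafox.com'],
  'img-src': ['https://*.captchafox.com'],
  'media-src': ['https://*.captchafox.com'],
};

// One fresh nonce per HTTP response: 16 CSPRNG bytes, base64-encoded.
function newNonce() {
  return crypto.randomBytes(16).toString('base64');
}

// Reject anything outside the CSP nonce grammar so the value can never
// break out of the header or the HTML attribute.
function checkNonce(nonce) {
  if (!/^[A-Za-z0-9+\/_-]+={0,2}$/.test(nonce)) throw new Error('invalid nonce');
  return nonce;
}

// sitePolicy (assumed shape): { directive: [source, ...] } for the site's own CSP.
function buildCsp(sitePolicy, nonce) {
  checkNonce(nonce);
  const merged = {};
  for (const [name, srcs] of Object.entries(sitePolicy)) merged[name] = [...srcs];
  for (const [name, srcs] of Object.entries(CAPTCHAFOX_SOURCES)) {
    // An explicit directive stops falling back to default-src, so seed a
    // newly created directive with the default-src sources first.
    const base = merged[name] ?? merged['default-src'] ?? [];
    // 'none' is only valid on its own; drop it once real sources are added.
    merged[name] = [...new Set([...base, ...srcs])].filter((s) => s !== "'none'");
  }
  merged['script-src'].push(`'nonce-${nonce}'`);
  return Object.entries(merged).map(([name, srcs]) => `${name} ${srcs.join(' ')}`).join('; ');
}

// The api.js tag from this page, carrying the same nonce as the header.
function scriptTag(nonce) {
  return `<script nonce="${checkNonce(nonce)}" async defer src="https://cdn.captchafox.com/api.js"></script>`;
}

// Constructed sample site policy, for demonstration only.
const nonce = newNonce();
console.log('Content-Security-Policy:', buildCsp({ 'default-src': ["'self'"] }, nonce));
console.log(scriptTag(nonce));
```

The same nonce value must appear in both the response header and the script tag, and it must be regenerated for every response rather than cached with the page.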