Content Security Policy (CSP)
A Content Security Policy (CSP) is a security measure that helps prevent various types of attacks, such as cross-site scripting (XSS) and data injection, by specifying which sources of content are allowed to be loaded and executed.
If you are using a CSP, please make sure you include the required sources as shown in the table below:
| Directive | Value to include |
|---|---|
| script-src | https://*.captchafox.com blob: |
| connect-src | https://*.captchafox.com |
| style-src | https://*.captchafox.com |
| img-src | https://*.captchafox.com |
| media-src | https://*.captchafox.com |
Nonce
A nonce (number used once) is a randomly generated, unique value added to the nonce attribute
of a <script> tag to control which inline scripts are allowed to run on a
webpage under a Content Security Policy (CSP).
If you are using a nonce-based approach to loading the script tags, please make sure you also include your nonce in the api.js script tag.
Example:
<script nonce="<NONCE>" async defer src="https://cdn.captchafox.com/api.js"></script>