The monetization-src directive within the HTTP Content-Security-Policy (CSP) allows you to restrict the URLs from which a payment pointer can be loaded.
The basic syntax is as follows, where <source> is a serialized source list. More than one source can be allowed for the
Content-Security-Policy: monetization-src <source>;
Content-Security-Policy: monetization-src <source> <source>;
<source> can be any one of the values listed in CSP Source Values.
A website administrator wants to restrict the URLs from which a payment pointer can be loaded.
Given this CSP header:
Content-Security-Policy: monetization-src https://www.wallet.example;
Fetches for the following monetization source will return a network error and not load, as the URL does not match the URL defined in the CSP source list.
<link rel="monetization" href="https://example.test/payment-pointer" />
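The check described above, as an added example that is not part of the original page or of any browser's implementation: a simplified matcher that decides whether a monetization link's href is permitted by a monetization-src source list. The function names are hypothetical, scheme matching is strict, 'self' is not handled, and a policy without the directive is assumed to impose no restriction.

```javascript
// Added example: simplified monetization-src source matching.
// Handles 'none', *, scheme-sources and host-sources; 'self' is out of scope.
function parseDirective(policy, name) {
  for (const part of policy.split(";")) {
    const tokens = part.trim().split(/\s+/).filter(Boolean);
    if (tokens.length && tokens[0].toLowerCase() === name) return tokens.slice(1);
  }
  return null; // directive absent from this policy
}

function matchesSource(source, url) {
  if (source === "*") return url.protocol === "https:" || url.protocol === "http:";
  if (/^[a-z][a-z0-9+.-]*:$/i.test(source)) return url.protocol === source.toLowerCase();
  const m = /^(?:([a-z][a-z0-9+.-]*):\/\/)?(\*\.)?([^\/:*]+)(?::(\d+|\*))?(\/.*)?$/i.exec(source);
  if (!m) return false;
  const [, scheme, wildcard, host, port, path] = m;
  // Assumption: a source without a scheme is checked as https (page served over https).
  if (url.protocol !== (scheme || "https").toLowerCase() + ":") return false;
  const h = host.toLowerCase();
  // "*.wallet.example" matches subdomains only, never the bare domain.
  if (wildcard ? !url.hostname.endsWith("." + h) : url.hostname !== h) return false;
  const defaultPort = url.protocol === "https:" ? "443" : "80";
  if (port !== "*" && (url.port || defaultPort) !== (port || defaultPort)) return false;
  if (!path) return true;
  // A path ending in "/" is a prefix match; otherwise it must match exactly.
  return path.endsWith("/") ? url.pathname.startsWith(path) : url.pathname === path;
}

function isMonetizationAllowed(policy, href) {
  const sources = parseDirective(policy, "monetization-src");
  if (sources === null) return true; // assumption: no directive, no restriction
  let url;
  try { url = new URL(href); } catch { return false; }
  return sources
    .filter((s) => s.toLowerCase() !== "'none'")
    .some((s) => matchesSource(s, url));
}

// Constructed inputs; the policy and the first link are the ones from the text above.
const policy = "monetization-src https://www.wallet.example;";
console.log(isMonetizationAllowed(policy, "https://example.test/payment-pointer"));
console.log(isMonetizationAllowed(policy, "https://www.wallet.example/alice"));
```
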