Skip to content
Web Monetization logo Web Monetization

Content-Security-Policy: monetization-src

The monetization-src directive within the HTTP Content-Security-Policy (CSP) allows you to restrict the URLs from which an Open Payments-enabled wallet address, such as a payment pointer, can be loaded.

CSP version3
Directive type

Fetch directive


The basic syntax is as follows, where source is a serialized source list. More than one source can be allowed for the monetization-src policy:

Content-Security-Policy: monetization-src <source>;
Content-Security-Policy: monetization-src <source>, <source>;


<source> can be any one of the values listed in CSP Source Values.


Violation case

A website administrator wants to restrict the URLs from which a wallet address can be loaded.

Given this CSP header:

Content-Security-Policy: monetization-src https://www.wallet.example;

Fetches for the following monetization source will return a network error and not load, as the URL does not match the URL defined in the CSP source list.

<link rel="monetization" href="https://example.test/payment-pointer" />