HOME
ABOUT
- RESULTS
- differences
- BENEFITS
- HISTORY
- TEAM
- LOCATION
- FACILITIES
- BANKING
- MEMBERSHIPS
- APPROVALS
- LICENCES
- SUPPLIERS
- SPONSORSHIPS
- MEDIA
- PRIVACY
AUCTIONS
SHIPPING
FEES
- TS REWARDS
TOOLS
guides
FAQ
CONTACT
- CONNECT

VEHICLES
BRAND
- JAPANESE CARS
  - DAIHATSU
  - EUNOS
  - FORD
  - HONDA
  - ISUZU
  - LEXUS
  - MAZDA
  - MITSUBISHI
  - MITSUOKA
  - NISSAN
  - SUBARU
  - SUZUKI
  - TOYOTA
- GERMAN CARS
- AMERICAN CARS
- BRITISH CARS
- ITALIAN CARS
- FRENCH CARS
- SWEDISH CARS
- KOREAN CARS
TYPE
- mobility
- VENDING
- instruction
- TAXIS
- AMBULANCES
- FIRE ENGINES
- HEARSES
- LIMOUSINES
- COMMERCIAL
CLASS
FUEL
TRUCKS
minitrucks
- DAIHATSU
- HONDA
- MAZDA
- MITSUBISHI
- NISSAN
- SUBARU
- SUZUKI
- DUMP
- CRANE
- CAMPER
- REFRIGERATED
- 4WD
- NEW
BUSES
MOTORHOMES
- YAHOO!
- RAKUTEN
- DEALER

PARTS
- FREE REPORT
- PARTS CONTAINERS
- PARTS SYSTEMS
- PARTS PROTECTION
- BODY SHELLS
- DISMANTLING
- ONLINE PARTS
- NEW PARTS
- INTERIOR PARTS
- EXTERIOR PARTS
  - BONNETS
  - BUMPERS
  - GRILLES
  - FENDERS
  - DOORS
  - TRUNKS
  - SPOILERS
  - LIGHTS
  - EMBLEMS
  - CAMERAS
- ENGINES
- TRANSMISSIONS
- WHEELS & TYRES
  - WHEELS
  - TYRES
CUTS
PERFORMANCE PARTS
TRUCK PARTS
MOTORBIKE PARTS
- MOTORBIKE ENGINES
- MOTORBIKE ACCESSORIES

MOTORBIKES
MARINE
FORKLIFTS
MACHINERY
AGRICULTURAL
OTHER
COUNTRY
- AUSTRALIA
- CANADA
- KENYA
- MYANMAR
- NEW ZEALAND
- PAKISTAN
- TANZANIA
- UNITED STATES

CARVIEW

MOTORHOMES

Select Language

HTTP/2 301 content-length: 162 content-type: text/html date: Wed, 15 Oct 2025 07:27:38 GMT location: https://developer.mozilla.org/en-US/docs/Web/API/HTMLIFrameElement/csp server: nginx strict-transport-security: max-age=60; includeSubDomains via: 1.1 google alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 HTTP/2 200 x-guploader-uploadid: AAwnv3KWZgL0Bp9VQH4PK5BfjhmU0epfxYyUWhT8utV9K0_OIX_pQeWVYiFWXhJb7DZzAUpD x-goog-generation: 1760403951842326 x-goog-metageneration: 1 x-goog-stored-content-encoding: identity x-goog-stored-content-length: 144410 x-goog-meta-goog-reserved-file-mtime: 1760402412 x-goog-hash: crc32c=Qtf5RA==, md5=+KU42/87ed1JfL0D+ScIGA== x-goog-storage-class: STANDARD accept-ranges: none expires: Wed, 15 Oct 2025 07:34:08 GMT cache-control: public, max-age=3600 last-modified: Tue, 14 Oct 2025 01:05:51 GMT etag: W/"f8a538dbff3b79dd497cbd03f9270818" content-type: text/html age: 3210 alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 alt-svc: clear referrer-policy: strict-origin-when-cross-origin x-content-type-options: nosniff strict-transport-security: max-age=63072000 content-security-policy: default-src 'self'; script-src 'report-sample' 'self' 'wasm-unsafe-eval' https://www.google-analytics.com/analytics.js https://www.googletagmanager.com/gtag/js assets.codepen.io production-assets.codepen.io https://js.stripe.com 'sha256-XNBp89FG76amD8BqrJzyflxOF9PaWPqPqvJfKZPCv7M=' 'sha256-YCNoU9DNiinACbd8n6UPyB/8vj0kXvhkOni9/06SuYw=' 'sha256-PZjP7OR6mBEtnvXIZfCZ5PuOlxoDF1LDZL8aj8c42rw='; script-src-elem 'report-sample' 'self' 'wasm-unsafe-eval' https://www.google-analytics.com/analytics.js https://www.googletagmanager.com/gtag/js assets.codepen.io production-assets.codepen.io https://js.stripe.com 'sha256-XNBp89FG76amD8BqrJzyflxOF9PaWPqPqvJfKZPCv7M=' 'sha256-YCNoU9DNiinACbd8n6UPyB/8vj0kXvhkOni9/06SuYw=' 'sha256-PZjP7OR6mBEtnvXIZfCZ5PuOlxoDF1LDZL8aj8c42rw='; style-src 'report-sample' 'self' 'unsafe-inline'; object-src 'none'; base-uri 'self'; connect-src 'self' developer.allizom.org bcd.developer.allizom.org bcd.developer.mozilla.org updates.developer.allizom.org updates.developer.mozilla.org https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://incoming.telemetry.mozilla.org https://observatory-api.mdn.allizom.net https://observatory-api.mdn.mozilla.net https://api.github.com/search/issues stats.g.doubleclick.net https://api.stripe.com; font-src 'self'; frame-src 'self' interactive-examples.mdn.mozilla.net interactive-examples.mdn.allizom.net mdn.github.io live-samples.mdn.mozilla.net live-samples.mdn.allizom.net *.mdnplay.dev *.mdnyalp.dev *.play.test.mdn.allizom.net https://v2.scrimba.com https://scrimba.com jsfiddle.net www.youtube-nocookie.com codepen.io survey.alchemer.com https://js.stripe.com; img-src 'self' data: *.githubusercontent.com *.googleusercontent.com *.gravatar.com mozillausercontent.com firefoxusercontent.com profile.stage.mozaws.net profile.accounts.firefox.com developer.mozilla.org mdn.dev interactive-examples.mdn.mozilla.net interactive-examples.mdn.allizom.net wikipedia.org upload.wikimedia.org https://mdn.github.io/shared-assets/ https://mdn.dev/ https://*.google-analytics.com https://*.googletagmanager.com www.gstatic.com; manifest-src 'self'; media-src 'self' archive.org videos.cdn.mozilla.net https://mdn.github.io/shared-assets/; child-src 'self'; worker-src 'self'; x-frame-options: DENY origin-trial: AxVILwizhbMjxFeHOn1P3R8niO1RJY/smaK4B4d1rLzc1gTaxtXMSaTi+FoigYgCw40uFRDwFcEAeqDR+vVLOW4AAABfeyJvcmlnaW4iOiJodHRwczovL2RldmVsb3Blci5tb3ppbGxhLm9yZyIsImZlYXR1cmUiOiJQcml2YXRlQXR0cmlidXRpb25WMiIsImV4cGlyeSI6MTc0MjA3OTYwMH0= x-cloud-trace-context: 81e405ab9eb372922c8669e23823253c date: Wed, 15 Oct 2025 07:27:38 GMT server: Google Frontend via: 1.1 google vary: Accept-Encoding content-encoding: gzip x-cache: miss HTMLIFrameElement: csp property - Web APIs | MDN

Skip to main content
Skip to search

HTML: Markup language

HTML reference

Elements
Global attributes
Attributes
See all…

HTML guides

Responsive images
HTML cheatsheet
Date & time formats
See all…

Markup languages

SVG
MathML
XML

CSS: Styling language

CSS reference

Properties
Selectors
At-rules
Values & units
See all…

CSS guides

Box model
Animations
Flexbox
Colors
See all…

Layout cookbook

Column layouts
Centering an element
Card component
See all…

JavaScript: Scripting language

JS reference

Standard built-in objects
Expressions & operators
Statements & declarations
Functions
See all…

JS guides

Control flow & error handing
Loops and iteration
Working with objects
Using classes
See all…

Web APIs: Programming interfaces

Web API reference

File system API
Fetch API
Geolocation API
HTML DOM API
Push API
Service worker API
See all…

Web API guides

Using the Web animation API
Using the Fetch API
Working with the History API
Using the Web speech API
Using web workers

All web technology

Technologies

Accessibility
HTTP
URI
Web extensions
WebAssembly
WebDriver
See all…

Topics

Media
Performance
Privacy
Security
Progressive web apps

Learn web development

Frontend developer course

Getting started
Common questions
Curriculum

Learn HTML

Introduction to HTML
Getting started with HTML

Learn CSS

What is CSS
Getting started with CSS

Learn JavaScript

How to use data attributes
Add JavaScript to your web page

Discover our tools

Playground
HTTP Observatory

Border-image generator
Border-radius generator
Box-shadow generator
Color format converter
Color mixer
Shape generator

Get to know MDN better

About MDN
Advertise with us

Community
MDN on GitHub

Blog

Web
Web APIs
HTMLIFrameElement
csp

HTMLIFrameElement: csp property

Limited availability

This feature is not Baseline because it does not work in some of the most widely-used browsers.

Learn more
See full compatibility
Report feedback

Experimental: This is an experimental technology
Check the Browser compatibility table carefully before using this in production.

The csp property of the HTMLIFrameElement interface specifies the Content Security Policy that an embedded document must agree to enforce upon itself.

Value

A content security policy.

Specifications

Specification
Content Security Policy: Embedded Enforcement # dom-htmliframeelement-csp

Browser compatibility

Help improve MDN

Learn how to contribute

This page was last modified on ⁨Mar 13, 2025⁩ by MDN contributors.

View this page on GitHub • Report a problem with this content

The HTML DOM API
HTMLIFrameElement
Instance properties
1. allow
2. allowFullscreen
3. allowPaymentRequest Non-standard Deprecated
4. browsingTopics Experimental Non-standard
5. contentDocument
6. contentWindow
7. credentialless Experimental
8. csp Experimental
9. featurePolicy Experimental
10. height
11. loading
12. name
13. referrerPolicy
14. sandbox
15. src
16. srcdoc
17. width
Instance methods
1. getSVGDocument()
Inheritance
Related pages for HTML DOM
Guides
1. Using microtasks in JavaScript with queueMicrotask()
2. In depth: Microtasks and the JavaScript runtime environment

Your blueprint for a better internet.

MDN

About
Blog
Mozilla careers
Advertise with us
MDN Plus
Product help

Contribute

MDN Community
Community resources
Writing guidelines
MDN Discord
MDN on GitHub

Developers

Web technologies
Learn web development
Guides
Tutorials
Glossary
Hacks blog

Website Privacy Notice
Cookies
Legal
Community Participation Guidelines

Visit Mozilla Corporation’s not-for-profit parent, the Mozilla Foundation.
Portions of this content are ©1998–⁨2025⁩ by individual mozilla.org contributors. Content available under a Creative Commons license.

HOME
ABOUT
AUCTIONS
SHIPPING
FEES
TOOLS
HOW
FAQ
CONTACT

Original Source | Taken Source