What does Network Status "blocked: CSP" mean?
The network status “Blocked: CSP” means that the browser has prevented a resource—usually a script, image, or stylesheet—from loading because it violates the website’s Content Security Policy (CSP). CSP is a security mechanism that allows website owners to define which sources are permitted to load specific types of content.
In our specific case, the error might occur because the fraud0 JavaScript tag tries to load from https://api.fraud0.com/, but the current CSP settings on the website don’t include this domain in the script-src directive. As a result, the browser blocks the script for security reasons, and the fraud0 tracking script cannot run.
To resolve this, the domain https://api.fraud0.com/ needs to be explicitly added to the script-src part of the site’s CSP.
This error might not occur on other sites if they have a more permissive CSP (a so-called “catch-all” CSP header, e.g., default-src * data: blob: 'unsafe-inline' 'unsafe-eval'), which allows scripts from many sources by default, but such configurations are less secure.
In summary, “Blocked: CSP” signals that a resource was rejected due to strict content loading rules, and the solution is to adjust the policy to explicitly allow trusted sources.