Sign In
Start Free Trial
Adobe Fonts (Typekit)

CSP for Adobe Fonts (Typekit)

Design
Add Package to Your CSP

Using Adobe Fonts (Typekit) with Content Security Policy

Adobe fonts (Typekit) is a popular online service which offers a subscription library of fonts.

Allow these directives in your CSP, to support Adobe Fonts (Typekit) in your Content Security Policy:

script-src
  https://use.typekit.net;
style-src
  'unsafe-inline'
  *.typekit.net;
img-src
  *.typekit.net;
font-src
  data:
  use.typekit.net;
connect-src
  use.typekit.net
  performance.typekit.net;

The main domains used by Adobe Fonts (Typekit) are:

typekit.net

Sources:

Using Adobe Fonts (Typekit) with Content Security Policy(Offical Docs)
RapidSec CSP Generator(RapidSec Data Network)
Generate a CSP with Adobe Fonts (Typekit)

Example Content-Security-Policy violations / reports:

Using the above CSP package, will fix these errors that you may be seeing in your console logs:

script-src/script-src-elem/script-src-attrviolations

Refused to load the script '{{resource}}' because it violates the following Content Security Policy directive: "script-src 'self' 'report-sample'". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.

script-src/script-src-elem/script-src-attrviolations

Refused to load the script '{{resource}}' because it violates the following Content Security Policy directive: "script-src 'self' 'report-sample'". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.

script-src/script-src-elem/script-src-attrviolations

Refused to load the script '{{resource}}' because it violates the following Content Security Policy directive: "script-src 'self' 'report-sample'". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.

style-src/style-src-elem/style-src-attrviolations

Refused to load the stylesheet 'https://use.typekit.net/nmp1knf.css' because it violates the following Content Security Policy directive: "style-src 'self' 'report-sample'". Note that 'style-src-elem' was not explicitly set, so 'style-src' is used as a fallback.

style-src/style-src-elem/style-src-attrviolations

Refused to load the stylesheet 'https://use.typekit.net/nmp1knf.css' because it violates the following Content Security Policy directive: "style-src 'self' 'report-sample'". Note that 'style-src-elem' was not explicitly set, so 'style-src' is used as a fallback.

font-srcviolations

Refused to load the font 'https://use.typekit.net' because it violates the following Content Security Policy directive: "font-src 'self'"

img-srcviolations

Refused to load the image 'typekit.net' because it violates the following Content Security Policy directive: "img-src 'self'".

frame-srcviolations

[Report Only] Refused to frame 'typekit.net' because it violates the following Content Security Policy directive: "frame-src 'self'".

form-actionviolations

[Report Only] Refused to send form data to 'typekit.net' because it violates the following Content Security Policy directive: "form-action 'self'".

connect-srcviolations

[Report Only] Refused to connect to 'typekit.net' because it violates the following Content Security Policy directive: "connect-src 'self'"
Add Package to Your CSPorGenerate Your CSP