diff --git a/src/languages/csp.js b/src/languages/csp.js
index 21c87721ad..d4db4984e0 100644
--- a/src/languages/csp.js
+++ b/src/languages/csp.js
@@ -15,6 +15,7 @@ export default function(hljs) {
 "child-src",
 "connect-src",
 "default-src",
+ "fenced-frame-src",
 "font-src",
 "form-action",
 "frame-ancestors",
@@ -24,10 +25,16 @@ export default function(hljs) {
 "media-src",
 "object-src",
 "plugin-types",
+ "report-to",
 "report-uri",
+ "require-trusted-types-for",
 "sandbox",
 "script-src",
+ "script-src-attr",
+ "script-src-elem",
 "style-src",
+ "style-src-attr",
+ "style-src-elem",
 "trusted-types",
 "unsafe-hashes",
 "worker-src"
diff --git a/test/detect/csp/default.txt b/test/detect/csp/default.txt
index 8e68bad89e..9a54e2b4e8 100644
--- a/test/detect/csp/default.txt
+++ b/test/detect/csp/default.txt
@@ -1,5 +1,13 @@
 Content-Security-Policy:
 default-src 'self';
 style-src 'self' css.example.com;
+ style-src-attr 'none';
+ style-src-elem https://example.com/;
 img-src *.example.com;
+ fenced-frame-src https://example.com/;
+ report-to name-of-endpoint;
+ require-trusted-types-for 'script';
+ script-src 'self';
+ script-src-attr 'none';
+ script-src-elem https://example.com/;
 script-src 'unsafe-eval' 'self' js.example.com 'nonce-Nc3n83cnSAd3wc3Sasdfn939hc3'
diff --git a/test/markup/csp/default.expect.txt b/test/markup/csp/default.expect.txt
index b8f346f918..0fd70da0e6 100644
--- a/test/markup/csp/default.expect.txt
+++ b/test/markup/csp/default.expect.txt
@@ -1,5 +1,13 @@
 Content-Security-Policy:
 default-src 'self';
 style-src 'self' css.example.com;
+ style-src-attr 'none';
+ style-src-elem https://example.com/;
 img-src *.example.com;
+ fenced-frame-src https://example.com/;
+ report-to name-of-endpoint;
+ require-trusted-types-for 'script';
+ script-src 'self';
+ script-src-attr 'none';
+ script-src-elem https://example.com/;
 script-src 'unsafe-eval' 'self' js.example.com 'nonce-Nc3n83cnSAd3wc3Sasdfn939hc3'
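Review bot: In the second csp.js hunk (`@@ -24,10 +25,16 @@`) the directive list still runs straight from `"unsafe-hashes",` to `"worker-src"`, so `upgrade-insecure-requests` is not picked up along with the other missing directives, at least not at its alphabetical position. A policy that uses it would presumably show that one directive unhighlighted next to highlighted neighbours, which makes it easy to overlook when a policy is being read in review. I would add `"upgrade-insecure-requests",` after `"unsafe-hashes",` and a matching `upgrade-insecure-requests;` line to the csp fixtures. The start of the array lies outside both hunks, so this assumes the list is kept sorted and the entry does not already appear earlier.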
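Review bot: The added `script-src 'self';` line in test/detect/csp/default.txt sits above the existing `script-src 'unsafe-eval' 'self' js.example.com 'nonce-…'` line, so the sample policy now names `script-src` twice. Within one policy a browser keeps only the first occurrence of a directive and ignores later ones, so the fixture no longer behaves the way it reads, and sample policies like this tend to get copied as examples. Since `script-src` was already exercised by the existing line, I would drop the new `script-src 'self';` and keep only the `script-src-attr` and `script-src-elem` additions. The same line is added in test/markup/csp/default.expect.txt and test/markup/csp/default.txt.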
diff --git a/test/markup/csp/default.txt b/test/markup/csp/default.txt
index 8e68bad89e..9a54e2b4e8 100644
--- a/test/markup/csp/default.txt
+++ b/test/markup/csp/default.txt
@@ -1,5 +1,13 @@
 Content-Security-Policy:
 default-src 'self';
 style-src 'self' css.example.com;
+ style-src-attr 'none';
+ style-src-elem https://example.com/;
 img-src *.example.com;
+ fenced-frame-src https://example.com/;
+ report-to name-of-endpoint;
+ require-trusted-types-for 'script';
+ script-src 'self';
+ script-src-attr 'none';
+ script-src-elem https://example.com/;
 script-src 'unsafe-eval' 'self' js.example.com 'nonce-Nc3n83cnSAd3wc3Sasdfn939hc3'