Web platform features explorer - Content Security Policy (CSP)

Web platform features explorer

Content Security Policy (CSP) helps to mitigate certain security threats, including cross-site scripting (XSS) and clickjacking attacks. It consists of a set of directives from a website to a browser, which instruct the browser to restrict the things that the site is allowed to do.

Status

Baseline Widely Available (since 2019-02-02)

MDN documentation

Content Security Policy (CSP)

Specifications

Content Security Policy Level 3, from Web Application Security Working Group (W3C).

Browser support (view on caniuse.com)

Chrome 25 Released on 2013-02-21
Chrome Android 25 Released on 2013-02-27
Edge 14 Released on 2016-08-02
Firefox 23 Released on 2013-08-06
Firefox for Android 23 Released on 2013-08-06
Safari 7 Released on 2013-10-22
Safari on iOS 7 Released on 2013-09-18

Developer signals

State of HTML 2025: features/all_features question
State of HTML 2024: features/all_features question
State of HTML 2024: content/content_features question
State of HTML 2023: features/all_features question
State of HTML 2023: content/content_features question

View as JSON | Edit this feature | Report an issue | Web-features entry: source, dist