Content Security Policy (CSP)
Content Security Policy (CSP) helps to mitigate certain security threats, including cross-site scripting (XSS) and clickjacking attacks. It consists of a set of directives from a website to a browser, which instruct the browser to restrict the things that the site is allowed to do.
Status
Baseline Widely Available (since 2019-02-02)
MDN documentation
Specifications
Browser support (view on caniuse.com)
- Chrome 25 Released on 2013-02-21
- Chrome Android 25 Released on 2013-02-27
- Edge 14 Released on 2016-08-02
- Firefox 23 Released on 2013-08-06
- Firefox for Android 23 Released on 2013-08-06
- Safari 7 Released on 2013-10-22
- Safari on iOS 7 Released on 2013-09-18
Developer signals
- State of HTML 2025: features/all_features question
- State of HTML 2024: features/all_features question
- State of HTML 2024: content/content_features question
- State of HTML 2023: features/all_features question
- State of HTML 2023: content/content_features question
View as JSON | Edit this feature | Report an issue | Web-features entry: source, dist