Web features explorer

Content Security Policy (CSP)

Widely available
Tags: api html http Groups: Security

Content Security Policy (CSP) helps to mitigate certain security threats, including cross-site scripting (XSS) and clickjacking attacks. It consists of a set of directives from a website to a browser, which instruct the browser to restrict the things that the site is allowed to do.

To learn more, see CSPViolationReportBody, CSPViolationReportBody: blockedURL property, CSPViolationReportBody: columnNumber property, CSPViolationReportBody: disposition property, CSPViolationReportBody: documentURL property, CSPViolationReportBody: effectiveDirective property, CSPViolationReportBody: lineNumber property, CSPViolationReportBody: originalPolicy property, CSPViolationReportBody: referrer property, CSPViolationReportBody: sample property, CSPViolationReportBody: sourceFile property, CSPViolationReportBody: statusCode property, CSPViolationReportBody: toJSON() method, Document: securitypolicyviolation event, Element: securitypolicyviolation event, HTMLIFrameElement: csp property, SecurityPolicyViolationEvent, SecurityPolicyViolationEvent: SecurityPolicyViolationEvent() constructor, SecurityPolicyViolationEvent: blockedURI property, SecurityPolicyViolationEvent: columnNumber property, SecurityPolicyViolationEvent: disposition property, SecurityPolicyViolationEvent: documentURI property, SecurityPolicyViolationEvent: effectiveDirective property, SecurityPolicyViolationEvent: lineNumber property, SecurityPolicyViolationEvent: originalPolicy property, SecurityPolicyViolationEvent: referrer property, SecurityPolicyViolationEvent: sample property, SecurityPolicyViolationEvent: sourceFile property, SecurityPolicyViolationEvent: statusCode property, SecurityPolicyViolationEvent: violatedDirective property, WorkerGlobalScope: securitypolicyviolation event, Content-Security-Policy, Content-Security-Policy-Report-Only, CSP: base-uri, CSP: child-src, CSP: connect-src, CSP: default-src, CSP: font-src, CSP: form-action, CSP: frame-ancestors, CSP: frame-src, CSP: img-src, CSP: manifest-src, CSP: media-src, CSP: object-src, CSP: report-to, CSP: sandbox, CSP: script-src, CSP: script-src-attr, CSP: script-src-elem, CSP: style-src, CSP: style-src-attr, CSP: style-src-elem, CSP: upgrade-insecure-requests, CSP: worker-src at MDN.

Compatibility (view on caniuse.com)