Web platform features explorer - Content Security Policy (CSP)

Web platform features explorer

Tags: api html http Groups: Security

Content Security Policy (CSP) helps to mitigate certain security threats, including cross-site scripting (XSS) and clickjacking attacks. It consists of a set of directives from a website to a browser, which instruct the browser to restrict the things that the site is allowed to do.

Learning resources on MDN

No MDN documentation found. You can search for the feature on MDN. If you believe that MDN has no documentation about this feature, you can open an issue on MDN's GitHub repository.

Browser support (view on caniuse.com)

Chrome 25 Released on 2013-02-21
Chrome Android 25 Released on 2013-02-27
Edge 14 Released on 2016-08-02
Firefox 23 Released on 2013-08-06
Firefox for Android 23 Released on 2013-08-06
Safari 7 Released on 2013-10-22
Safari on iOS 7 Released on 2013-09-18

Surveys

State of HTML 2023: features/all_features question
State of HTML 2023: content/content_features question

Specifications

Content Security Policy Level 3, from Web Application Security Working Group (W3C).

View web-platform-tests results for this feature - View the feature source file (dist) - Edit the feature - Report an issue about this feature