🏠 New in Low Baseline Support: Content Security Policy (CSP)

August 2, 2016

caniuse · mdn · spec

Content Security Policy (CSP) helps to mitigate certain security threats, including cross-site scripting (XSS) and clickjacking attacks. It consists of a set of directives from a website to a browser, which instruct the browser to restrict the things that the site is allowed to do.

Source features

• http.headers.Content-Security-Policy [mdn]
• http.headers.Content-Security-Policy-Report-Only [mdn]
• http.headers.Content-Security-Policy.default-src [mdn]
• http.headers.Content-Security-Policy.font-src [mdn]
• http.headers.Content-Security-Policy.frame-src [mdn]
• http.headers.Content-Security-Policy.img-src [mdn]
• http.headers.Content-Security-Policy.media-src [mdn]
• http.headers.Content-Security-Policy.object-src [mdn]
• http.headers.Content-Security-Policy.script-src [mdn]
• http.headers.Content-Security-Policy.style-src [mdn]
• http.headers.Content-Security-Policy.connect-src [mdn]
• http.headers.Content-Security-Policy.sandbox [mdn]
• http.headers.Content-Security-Policy.form-action [mdn]
• http.headers.Content-Security-Policy.child-src [mdn]
• html.elements.meta.http-equiv.content-security-policy [mdn]
• http.headers.Content-Security-Policy.frame-ancestors [mdn]
• http.headers.Content-Security-Policy.upgrade-insecure-requests [mdn]
• http.headers.Content-Security-Policy.meta-element-support [mdn]
• api.Element.securitypolicyviolation_event [mdn]
• api.SecurityPolicyViolationEvent [mdn]
• api.SecurityPolicyViolationEvent.SecurityPolicyViolationEvent [mdn]
• api.SecurityPolicyViolationEvent.blockedURI [mdn]
• api.SecurityPolicyViolationEvent.columnNumber [mdn]
• api.SecurityPolicyViolationEvent.documentURI [mdn]
• api.SecurityPolicyViolationEvent.effectiveDirective [mdn]
• api.SecurityPolicyViolationEvent.lineNumber [mdn]
• api.SecurityPolicyViolationEvent.originalPolicy [mdn]
• api.SecurityPolicyViolationEvent.referrer [mdn]
• api.SecurityPolicyViolationEvent.sourceFile [mdn]
• api.SecurityPolicyViolationEvent.statusCode [mdn]
• api.SecurityPolicyViolationEvent.violatedDirective [mdn]
• api.WorkerGlobalScope.securitypolicyviolation_event [mdn]
• http.headers.Content-Security-Policy.base-uri [mdn]
• http.headers.Content-Security-Policy.manifest-src [mdn]
• http.headers.Content-Security-Policy.worker_support [mdn]
• api.SecurityPolicyViolationEvent.disposition [mdn]
• api.SecurityPolicyViolationEvent.sample [mdn]
• http.headers.Content-Security-Policy.report-sample [mdn]
• api.Document.securitypolicyviolation_event [mdn]
• http.headers.Content-Security-Policy.worker-src [mdn]
• http.headers.Content-Security-Policy.script-src.wasm-unsafe-eval [mdn]
• http.headers.Content-Security-Policy.script-src-attr [mdn]
• http.headers.Content-Security-Policy.script-src-elem [mdn]
• http.headers.Content-Security-Policy.style-src-attr [mdn]
• http.headers.Content-Security-Policy.style-src-elem [mdn]
• http.headers.Content-Security-Policy.unsafe-hashes [mdn]
• http.headers.Content-Security-Policy.script-src.external_scripts [mdn]
• http.headers.Content-Security-Policy.strict-dynamic [mdn]
• api.SecurityPolicyViolationEvent.worker_support [mdn]
• http.headers.Content-Security-Policy.report-to [mdn]
• api.HTMLIFrameElement.csp [mdn]
• html.elements.iframe.csp [mdn]
• api.CSPViolationReportBody [mdn]
• api.CSPViolationReportBody.blockedURL [mdn]
• api.CSPViolationReportBody.columnNumber [mdn]
• api.CSPViolationReportBody.disposition [mdn]
• api.CSPViolationReportBody.documentURL [mdn]
• api.CSPViolationReportBody.effectiveDirective [mdn]
• api.CSPViolationReportBody.lineNumber [mdn]
• api.CSPViolationReportBody.originalPolicy [mdn]
• api.CSPViolationReportBody.referrer [mdn]
• api.CSPViolationReportBody.sample [mdn]
• api.CSPViolationReportBody.sourceFile [mdn]
• api.CSPViolationReportBody.statusCode [mdn]
• api.CSPViolationReportBody.toJSON [mdn]