1. Content Security Policy 1.0

    Mitigate cross-site scripting attacks by only allowing certain sources of script, style, and other resources.

  2. Content Security Policy Level 2

    Mitigate cross-site scripting attacks by only allowing certain sources of script, style, and other resources. CSP 2 adds hash-source, nonce-source, and five new directives.

  3. html element: meta: http-equiv: content-security-policy

  4. headers http header: content-security-policy-report-only

  5. headers http header: content-security-policy: base-uri

  6. headers http header: content-security-policy: block-all-mixed-content

  7. headers http header: content-security-policy: child-src

  8. headers http header: content-security-policy: connect-src

  9. headers http header: content-security-policy: default-src

  10. headers http header: content-security-policy: font-src

  11. headers http header: content-security-policy: form-action

  12. headers http header: content-security-policy: frame-ancestors

  13. headers http header: content-security-policy: frame-src

  14. headers http header: content-security-policy: img-src

  15. headers http header: content-security-policy: manifest-src

  16. headers http header: content-security-policy: media-src

  17. headers http header: content-security-policy: `<meta>` element support

  18. headers http header: content-security-policy: object-src

  19. headers http header: content-security-policy: plugin-types

  20. headers http header: content-security-policy: prefetch-src

  21. headers http header: content-security-policy: referrer

  22. headers http header: content-security-policy: report-sample

  23. headers http header: content-security-policy: report-to

  24. headers http header: content-security-policy: report-uri

  25. headers http header: content-security-policy: require-trusted-types-for

  26. headers http header: content-security-policy: sandbox

  27. headers http header: content-security-policy: script-src

  28. headers http header: content-security-policy: script-src-attr

  29. headers http header: content-security-policy: script-src-elem

  30. headers http header: content-security-policy: script-src: with external scripts

  31. headers http header: content-security-policy: script-src: source expression allowing webassembly execution

  32. headers http header: content-security-policy: strict-dynamic

  33. headers http header: content-security-policy: style-src

  34. headers http header: content-security-policy: style-src-attr

  35. headers http header: content-security-policy: style-src-elem

  36. headers http header: content-security-policy: trusted-types

  37. headers http header: content-security-policy: unsafe-hashes

  38. headers http header: content-security-policy: upgrade-insecure-requests

  39. headers http header: content-security-policy: worker-src

  40. headers http header: content-security-policy: worker support