Content Security Policy 1.0
Mitigate cross-site scripting attacks by only allowing certain sources of script, style, and other resources.
Content Security Policy Level 2
Mitigate cross-site scripting attacks by only allowing certain sources of script, style, and other resources. CSP 2 adds hash-source, nonce-source, and five new directives
html element: meta: http-equiv: http-equiv="content-security-policy"
headers http header: content-security-policy-report-only
headers http header: content-security-policy: base-uri
headers http header: content-security-policy: block-all-mixed-content
headers http header: content-security-policy: child-src
headers http header: content-security-policy: connect-src
headers http header: content-security-policy: default-src
headers http header: content-security-policy: fenced-frame-src
headers http header: content-security-policy: font-src
headers http header: content-security-policy: form-action
headers http header: content-security-policy: form-action: redirects are blocked after a form submission
headers http header: content-security-policy: frame-ancestors
headers http header: content-security-policy: frame-src
headers http header: content-security-policy: img-src
headers http header: content-security-policy: manifest-src
headers http header: content-security-policy: media-src
headers http header: content-security-policy: `<meta>` element support
headers http header: content-security-policy: object-src
headers http header: content-security-policy: prefetch-src
headers http header: content-security-policy: `report-sample` source value
headers http header: content-security-policy: report-to
headers http header: content-security-policy: report-uri
headers http header: content-security-policy: require-trusted-types-for
headers http header: content-security-policy: sandbox
headers http header: content-security-policy: script-src
headers http header: content-security-policy: script-src-attr
headers http header: content-security-policy: script-src-elem
headers http header: content-security-policy: script-src: external scripts with hash
headers http header: content-security-policy: script-src: `inline-speculation-rules` source expression
headers http header: content-security-policy: script-src: source expression allowing webassembly execution
headers http header: content-security-policy: `strict-dynamic` source value
headers http header: content-security-policy: style-src
headers http header: content-security-policy: style-src-attr
headers http header: content-security-policy: style-src-elem
headers http header: content-security-policy: trusted-types
headers http header: content-security-policy: `unsafe-hashes` source value
headers http header: content-security-policy: upgrade-insecure-requests
headers http header: content-security-policy: worker-src
headers http header: content-security-policy: worker support
41 results found.