1. Content Security Policy 1.0

    Mitigate cross-site scripting attacks by only allowing certain sources of script, style, and other resources.

  2. Content Security Policy Level 2

    Mitigate cross-site scripting attacks by only allowing certain sources of script, style, and other resources. CSP 2 adds hash-source, nonce-source, and five new directives.

  3. html element: meta: http-equiv: http-equiv="content-security-policy"

  4. headers http header: content-security-policy-report-only

  5. headers http header: content-security-policy: base-uri

  6. headers http header: content-security-policy: block-all-mixed-content

  7. headers http header: content-security-policy: child-src

  8. headers http header: content-security-policy: connect-src

  9. headers http header: content-security-policy: default-src

  10. headers http header: content-security-policy: fenced-frame-src

  11. headers http header: content-security-policy: font-src

  12. headers http header: content-security-policy: form-action

  13. headers http header: content-security-policy: form-action: redirects are blocked after a form submission

  14. headers http header: content-security-policy: frame-ancestors

  15. headers http header: content-security-policy: frame-src

  16. headers http header: content-security-policy: img-src

  17. headers http header: content-security-policy: manifest-src

  18. headers http header: content-security-policy: media-src

  19. headers http header: content-security-policy: `<meta>` element support

  20. headers http header: content-security-policy: object-src

  21. headers http header: content-security-policy: prefetch-src

  22. headers http header: content-security-policy: `report-sample` source value

  23. headers http header: content-security-policy: report-to

  24. headers http header: content-security-policy: report-uri

  25. headers http header: content-security-policy: require-trusted-types-for

  26. headers http header: content-security-policy: sandbox

  27. headers http header: content-security-policy: script-src

  28. headers http header: content-security-policy: script-src-attr

  29. headers http header: content-security-policy: script-src-elem

  30. headers http header: content-security-policy: script-src: external scripts with hash

  31. headers http header: content-security-policy: script-src: `inline-speculation-rules` source expression

  32. headers http header: content-security-policy: script-src: source expression allowing webassembly execution

  33. headers http header: content-security-policy: `strict-dynamic` source value

  34. headers http header: content-security-policy: style-src

  35. headers http header: content-security-policy: style-src-attr

  36. headers http header: content-security-policy: style-src-elem

  37. headers http header: content-security-policy: trusted-types

  38. headers http header: content-security-policy: `unsafe-hashes` source value

  39. headers http header: content-security-policy: upgrade-insecure-requests

  40. headers http header: content-security-policy: worker-src

  41. headers http header: content-security-policy: worker support