Content Security Policy 1.0
- CRMitigate cross-site scripting attacks by only allowing certain sources of script, style, and other resources.
Chrome
- 4 - 13: Not supported
- 14 - 24: Supported
- 25 - 116: Supported
- 117: Supported
- 118 - 120: Supported
Edge
- 12 - 116: Supported
- 117: Supported
Safari
- 3.1 - 5: Not supported
- 5.1: Partial support
- 6 - 6.1: Supported
- 7 - 16.5: Supported
- 16.6: Supported
- 17.0 - TP: Supported
Firefox
- 2 - 3.6: Not supported
- 4 - 22: Supported
- 23 - 116: Supported
- 117: Supported
- 118 - 120: Supported
Opera
- 9 - 12.1: Not supported
- 15 - 101: Supported
- 102: Supported
IE
- 5.5 - 9: Not supported
- 10: Partial support
- 11: Partial support
Chrome for Android
- 117: Supported
Safari on iOS
- 3.2 - 4.3: Not supported
- 5: Partial support
- 6: Supported
- 7 - 16.6: Supported
- 17.0: Supported
- 17.1: Supported
Samsung Internet
- 4 - 21: Supported
- 22: Supported
Opera Mini
- all: Not supported
Opera Mobile
- 10 - 12.1: Not supported
- 73: Supported
UC Browser for Android
- 15.5: Supported
Android Browser
- 2.1 - 4.3: Not supported
- 4.4 - 4.4.4: Supported
- 117: Supported
Firefox for Android
- 117: Supported
QQ Browser
- 13.1: Supported
Baidu Browser
- 13.18: Supported
KaiOS Browser
- 2.5: Supported
- 3: Supported
The standard HTTP header is Content-Security-Policy
which is used unless otherwise noted.