Content Security Policy 1.0

- CR

Mitigate cross-site scripting attacks by only allowing certain sources of script, style, and other resources.

IE

  1. 5.5 - 9: Not supported
  2. 10: Partial support
  3. 11: Partial support

Edge

  1. 12 - 84: Supported
  2. 85: Supported

Firefox

  1. 2 - 3.6: Not supported
  2. 4 - 22: Supported
  3. 23 - 79: Supported
  4. 80: Supported
  5. 81 - 82: Supported

Chrome

  1. 4 - 13: Not supported
  2. 14 - 24: Supported
  3. 25 - 84: Supported
  4. 85: Supported
  5. 86 - 88: Supported

Safari

  1. 3.1 - 5: Not supported
  2. 5.1: Partial support
  3. 6 - 6.1: Supported
  4. 7 - 13.1: Supported
  5. 14: Supported
  6. TP: Supported

Opera

  1. 9 - 12.1: Not supported
  2. 15 - 69: Supported
  3. 70: Supported

iOS Safari

  1. 3.2 - 4.3: Not supported
  2. 5: Partial support
  3. 6: Supported
  4. 7 - 13.7: Supported
  5. 14.0: Supported

Opera Mini

  1. all: Not supported

Android Browser

  1. 2.1 - 4.3: Not supported
  2. 4.4 - 4.4.4: Supported
  3. 81: Supported

Blackberry Browser

  1. 7: Not supported
  2. 10: Supported

Opera Mobile

  1. 10 - 12.1: Not supported
  2. 46: Supported

Chrome for Android

  1. 85: Supported

Firefox for Android

  1. 79: Supported

IE Mobile

  1. 10: Partial support
  2. 11: Partial support

UC Browser for Android

  1. 12.12: Supported

Samsung Internet

  1. 4 - 11.2: Supported
  2. 12.0: Supported

QQ Browser

  1. 10.4: Supported

Baidu Browser

  1. 7.12: Supported

KaiOS Browser

  1. 2.5: Supported

The standard HTTP header is Content-Security-Policy which is used unless otherwise noted.

Resources:
CSP Examples & Quick Reference
MDN Web Docs - Content Security Policy
HTML5Rocks article