CSP (Content Security Policy)
GPTKB entity
Statements (55)
Predicate | Object |
---|---|
gptkbp:instanceOf | web security standard |
gptkbp:appliesTo | web applications, web browsers |
gptkbp:canBeBypassedBy | misconfiguration |
gptkbp:category | Web standards, Web security HTTP headers |
gptkbp:controls | sources of content |
gptkbp:definedIn | gptkb:World_Wide_Web_Consortium |
gptkbp:directive | sandbox, connect-src, default-src, font-src, frame-src, img-src, media-src, object-src, report-uri, script-src, style-src, base-uri, block-all-mixed-content, child-src, form-action, frame-ancestors, manifest-src, navigate-to, plugin-types, require-sri-for, upgrade-insecure-requests, worker-src |
gptkbp:enables | reporting of policy violations |
gptkbp:enforcedBy | browser |
gptkbp:fullName | gptkb:Content_Security_Policy |
gptkbp:hasVersion | gptkb:CSP_Level_1, gptkb:CSP_Level_2, gptkb:CSP_Level_3 |
https://www.w3.org/2000/01/rdf-schema#label | CSP (Content Security Policy) |
gptkbp:introducedIn | 2012 |
gptkbp:prevention | inline script execution, unauthorized resource loading |
gptkbp:purpose | prevent cross-site scripting, mitigate code injection attacks |
gptkbp:relatedTo | X-Content-Security-Policy, X-WebKit-CSP |
gptkbp:specifies | HTTP header, meta tag |
gptkbp:status | gptkb:W3C_Recommendation |
gptkbp:supportedBy | gptkb:Google_Chrome, gptkb:Mozilla_Firefox, gptkb:opera, gptkb:Microsoft_Edge, gptkb:Safari |
gptkbp:bfsParent | gptkb:HTML_Script_Element |
gptkbp:bfsLayer | 5 |