CSP (Content Security Policy)
GPTKB entity
Statements (55)
| Predicate | Object |
|---|---|
| gptkbp:instanceOf |
web security standard
|
| gptkbp:appliesTo |
web applications
web browsers |
| gptkbp:canBeBypassedBy |
misconfiguration
|
| gptkbp:category |
Web standards
Web security HTTP headers |
| gptkbp:controls |
sources of content
|
| gptkbp:definedIn |
gptkb:World_Wide_Web_Consortium
|
| gptkbp:directive |
sandbox
connect-src default-src font-src frame-src img-src media-src object-src report-uri script-src style-src base-uri block-all-mixed-content child-src form-action frame-ancestors manifest-src navigate-to plugin-types require-sri-for upgrade-insecure-requests worker-src |
| gptkbp:enables |
reporting of policy violations
|
| gptkbp:enforcedBy |
browser
|
| gptkbp:fullName |
gptkb:Content_Security_Policy
|
| gptkbp:hasVersion |
gptkb:CSP_Level_1
gptkb:CSP_Level_2 gptkb:CSP_Level_3 |
| https://www.w3.org/2000/01/rdf-schema#label |
CSP (Content Security Policy)
|
| gptkbp:introducedIn |
2012
|
| gptkbp:prevention |
inline script execution
unauthorized resource loading |
| gptkbp:purpose |
prevent cross-site scripting
mitigate code injection attacks |
| gptkbp:relatedTo |
X-Content-Security-Policy
X-WebKit-CSP |
| gptkbp:specifies |
HTTP header
meta tag |
| gptkbp:status |
gptkb:W3C_Recommendation
|
| gptkbp:supportedBy |
gptkb:Google_Chrome
gptkb:Mozilla_Firefox gptkb:opera gptkb:Microsoft_Edge gptkb:Safari |
| gptkbp:bfsParent |
gptkb:HTML_Script_Element
|
| gptkbp:bfsLayer |
5
|