CSP (Content Security Policy)

GPTKB entity

Statements (55)
Predicate Object
gptkbp:instanceOf web security standard
gptkbp:appliesTo web applications
web browsers
gptkbp:canBeBypassedBy misconfiguration
gptkbp:category Web standards
Web security
HTTP headers
gptkbp:controls sources of content
gptkbp:definedIn gptkb:World_Wide_Web_Consortium
gptkbp:directive sandbox
connect-src
default-src
font-src
frame-src
img-src
media-src
object-src
report-uri
script-src
style-src
base-uri
block-all-mixed-content
child-src
form-action
frame-ancestors
manifest-src
navigate-to
plugin-types
require-sri-for
upgrade-insecure-requests
worker-src
gptkbp:enables reporting of policy violations
gptkbp:enforcedBy browser
gptkbp:fullName gptkb:Content_Security_Policy
gptkbp:hasVersion gptkb:CSP_Level_1
gptkb:CSP_Level_2
gptkb:CSP_Level_3
https://www.w3.org/2000/01/rdf-schema#label CSP (Content Security Policy)
gptkbp:introducedIn 2012
gptkbp:prevention inline script execution
unauthorized resource loading
gptkbp:purpose prevent cross-site scripting
mitigate code injection attacks
gptkbp:relatedTo X-Content-Security-Policy
X-WebKit-CSP
gptkbp:specifies HTTP header
meta tag
gptkbp:status gptkb:W3C_Recommendation
gptkbp:supportedBy gptkb:Google_Chrome
gptkb:Mozilla_Firefox
gptkb:opera
gptkb:Microsoft_Edge
gptkb:Safari
gptkbp:bfsParent gptkb:HTML_Script_Element
gptkbp:bfsLayer 5