Statements (56)
| Predicate | Object |
|---|---|
| gptkbp:instanceOf |
web security standard
|
| gptkbp:abbreviation |
gptkb:CSP
|
| gptkbp:appliesTo |
web browsers
|
| gptkbp:category |
gptkb:standard
web security HTTP header |
| gptkbp:controls |
sources of content
|
| gptkbp:definedIn |
gptkb:W3C
|
| gptkbp:directive |
sandbox
connect-src default-src font-src frame-src img-src media-src object-src report-to report-uri script-src style-src base-uri block-all-mixed-content child-src form-action frame-ancestors manifest-src navigate-to require-sri-for upgrade-insecure-requests worker-src script-src-attr script-src-elem style-src-attr style-src-elem trusted-types |
| gptkbp:enforcedBy |
gptkb:meta_element
HTTP response header |
| gptkbp:firstPublished |
2012
|
| https://www.w3.org/2000/01/rdf-schema#label |
Content-Security-Policy
|
| gptkbp:latestReleaseVersion |
Level 3
|
| gptkbp:purpose |
mitigate data injection attacks
prevent cross-site scripting |
| gptkbp:relatedTo |
gptkb:HTTP_Strict_Transport_Security
gptkb:Subresource_Integrity Referrer-Policy X-Content-Security-Policy X-WebKit-CSP Feature-Policy |
| gptkbp:status |
recommended for all modern websites
|
| gptkbp:supportedBy |
gptkb:opera
gptkb:Edge gptkb:Safari gptkb:Firefox gptkb:Chrome |
| gptkbp:bfsParent |
gptkb:Content_Security_Policy
|
| gptkbp:bfsLayer |
5
|