Content Security Policy (CSP)
GPTKB entity
Statements (69)
Predicate | Object |
---|---|
gptkbp:instanceOf | web security standard |
gptkbp:abbreviation | gptkb:CSP |
gptkbp:appliesTo | web browsers |
gptkbp:category | Internet standards, Web standards, Web security, Computer security |
gptkbp:definedIn | gptkb:W3C_Recommendation |
gptkbp:developedBy | gptkb:World_Wide_Web_Consortium |
gptkbp:directive | sandbox, connect-src, default-src, font-src, frame-src, img-src, media-src, object-src, report-to, report-uri, script-src, style-src, base-uri, child-src, form-action, frame-ancestors, manifest-src, navigate-to, worker-src |
gptkbp:enforcedBy | gptkb:website, HTTP response header, meta tag |
gptkbp:firstPublished | 2012 |
gptkbp:hasVersion | gptkb:CSP_Level_1, gptkb:CSP_Level_2, gptkb:CSP_Level_3 |
gptkbp:headerName | gptkb:Content-Security-Policy, gptkb:Content-Security-Policy-Report-Only |
https://www.w3.org/2000/01/rdf-schema#label | Content Security Policy (CSP) |
gptkbp:prevention | inline script execution (by default), loading resources from unauthorized domains, use of eval() (by default) |
gptkbp:purpose | mitigate data injection attacks, prevent cross-site scripting |
gptkbp:relatedTo | gptkb:HTTP_Strict_Transport_Security, gptkb:Subresource_Integrity, Referrer Policy, X-Content-Security-Policy, X-WebKit-CSP |
gptkbp:specifies | allowed content sources, connect source rules, font loading rules, form action rules, frame loading rules, image loading rules, media loading rules, object loading rules, sandboxing rules, script execution rules, style loading rules |
gptkbp:supports | reporting violations, hash-based script whitelisting, nonce-based script whitelisting, report-to directive, report-uri directive |
gptkbp:usedBy | web developers, website administrators, web application developers |
gptkbp:bfsParent | gptkb:Web_Application_Security |
gptkbp:bfsLayer | 6 |