Content Security Policy (CSP)
GPTKB entity
Properties (58)
| Predicate | Object |
|---|---|
| gptkbp:instanceOf |
Web security standard
|
| gptkbp:addresses |
new security vulnerabilities
|
| gptkbp:allows |
image sources
whitelisting of content sources |
| gptkbp:can_be |
data leaks
base-uri connect sources data injection attacks font sources manifest sources upgrade-insecure-requests worker sources |
| gptkbp:controls |
clickjacking attacks
|
| gptkbp:createdBy |
unsafe-eval
unsafe-inline |
| gptkbp:enforces |
content restrictions
HTTPS connections |
| gptkbp:engineConfiguration |
allow specific domains
|
| gptkbp:features |
HTML5
|
| https://www.w3.org/2000/01/rdf-schema#label |
Content Security Policy (CSP)
|
| gptkbp:includes |
default-src
script-src style-src |
| gptkbp:is_a_key_component_of |
secure web applications
web application firewalls |
| gptkbp:is_a_tool_for |
defending_against_XSS
|
| gptkbp:is_accessible_by |
web servers
not properly configured |
| gptkbp:is_characterized_by |
W3C
|
| gptkbp:is_designed_to |
cross-site_scripting_(XSS)_attacks
|
| gptkbp:is_essential_for |
protecting user data
secure web development |
| gptkbp:is_featured_in |
developers
|
| gptkbp:is_part_of |
web application security best practices
OWASP Top Ten security risks web security landscape |
| gptkbp:is_popular_among |
security feature
|
| gptkbp:is_recognized_for |
RFC 7208
|
| gptkbp:is_supported_by |
HTTP headers
HTML meta tags most modern web browsers |
| gptkbp:is_used_in |
security experts
security headers mixed content other security measures form action sources frame sources media sources object sources CSP_testing_tools |
| gptkbp:measures |
web-based attacks
|
| gptkbp:provides |
a mechanism to control resources
|
| gptkbp:related_to |
Content Security Policy Level 2
|
| gptkbp:reportsTo |
a specified endpoint
|
| gptkbp:usedFor |
script execution
plugin sources |
| gptkbp:was_a_response_to |
increasing web security threats
the need for better web security |