Content Security Policy (CSP)

URI: https://gptkb.org/entity/Content_Security_Policy_(CSP)

GPTKB entity

Statements (69)

Predicate	Object
gptkbp:instanceOf	web security standard
gptkbp:abbreviation	gptkb:CSP
gptkbp:appliesTo	web browsers
gptkbp:category	Internet standards Web standards Web security Computer security
gptkbp:definedIn	gptkb:W3C_Recommendation
gptkbp:developedBy	gptkb:World_Wide_Web_Consortium
gptkbp:directive	sandbox connect-src default-src font-src frame-src img-src media-src object-src report-to report-uri script-src style-src base-uri child-src form-action frame-ancestors manifest-src navigate-to worker-src
gptkbp:enforcedBy	gptkb:website HTTP response header meta tag
gptkbp:firstPublished	2012
gptkbp:hasVersion	gptkb:CSP_Level_1 gptkb:CSP_Level_2 gptkb:CSP_Level_3
gptkbp:headerName	gptkb:Content-Security-Policy gptkb:Content-Security-Policy-Report-Only
https://www.w3.org/2000/01/rdf-schema#label	Content Security Policy (CSP)
gptkbp:prevention	inline script execution (by default) loading resources from unauthorized domains use of eval() (by default)
gptkbp:purpose	mitigate data injection attacks prevent cross-site scripting
gptkbp:relatedTo	gptkb:HTTP_Strict_Transport_Security gptkb:Subresource_Integrity Referrer Policy X-Content-Security-Policy X-WebKit-CSP
gptkbp:specifies	allowed content sources connect source rules font loading rules form action rules frame loading rules image loading rules media loading rules object loading rules sandboxing rules script execution rules style loading rules
gptkbp:supports	reporting violations hash-based script whitelisting nonce-based script whitelisting report-to directive report-uri directive
gptkbp:usedBy	web developers website administrators web application developers
gptkbp:bfsParent	gptkb:Web_Application_Security
gptkbp:bfsLayer	6