Content Security Policy (CSP)

GPTKB entity

Statements (69)
Predicate Object
gptkbp:instanceOf web security standard
gptkbp:abbreviation gptkb:CSP
gptkbp:appliesTo web browsers
gptkbp:category Internet standards
Web standards
Web security
Computer security
gptkbp:definedIn gptkb:W3C_Recommendation
gptkbp:developedBy gptkb:World_Wide_Web_Consortium
gptkbp:directive sandbox
connect-src
default-src
font-src
frame-src
img-src
media-src
object-src
report-to
report-uri
script-src
style-src
base-uri
child-src
form-action
frame-ancestors
manifest-src
navigate-to
worker-src
gptkbp:enforcedBy gptkb:website
HTTP response header
meta tag
gptkbp:firstPublished 2012
gptkbp:hasVersion gptkb:CSP_Level_1
gptkb:CSP_Level_2
gptkb:CSP_Level_3
gptkbp:headerName gptkb:Content-Security-Policy
gptkb:Content-Security-Policy-Report-Only
https://www.w3.org/2000/01/rdf-schema#label Content Security Policy (CSP)
gptkbp:prevention inline script execution (by default)
loading resources from unauthorized domains
use of eval() (by default)
gptkbp:purpose mitigate data injection attacks
prevent cross-site scripting
gptkbp:relatedTo gptkb:HTTP_Strict_Transport_Security
gptkb:Subresource_Integrity
Referrer Policy
X-Content-Security-Policy
X-WebKit-CSP
gptkbp:specifies allowed content sources
connect source rules
font loading rules
form action rules
frame loading rules
image loading rules
media loading rules
object loading rules
sandboxing rules
script execution rules
style loading rules
gptkbp:supports reporting violations
hash-based script whitelisting
nonce-based script whitelisting
report-to directive
report-uri directive
gptkbp:usedBy web developers
website administrators
web application developers
gptkbp:bfsParent gptkb:Web_Application_Security
gptkbp:bfsLayer 6