Computer security standard to prevent cross-site scripting and related attacks
Content Security Policy (CSP) is a computer security standard introduced to prevent cross-site scripting (XSS), clickjacking and other code injection attacks resulting from execution of malicious content in the trusted web page context.[1] It is a Candidate Recommendation of the W3C working group on Web Application Security,[2] widely supported by modern web browsers.[3] CSP provides a standard method for website owners to declare approved origins of content that browsers should be allowed to load on that website—covered types are JavaScript, CSS, HTML frames, web workers, fonts, images, embeddable objects such as Java applets, ActiveX, audio and video files, and other HTML5 features.
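The following is an added example, not part of the original page: a simplified model of how a browser decides whether a resource's origin is approved by a policy, with the per-type fallback to `default-src`. The function names, the page origin `https://shop.example` and the policy string are constructed for illustration, and the matching covers only a subset of the real source-list rules.

```javascript
// Added illustration: simplified CSP source-list matching, not the full W3C algorithm.
// Covers 'self', '*', scheme sources (https:) and host sources with optional scheme,
// leading wildcard and port. Paths, nonces, hashes and other keywords are not modelled.
function parsePolicy(header) {
  const policy = new Map();
  for (const part of header.split(';')) {
    const tokens = part.trim().split(/\s+/).filter(Boolean);
    if (tokens.length === 0) continue;
    const name = tokens[0].toLowerCase();
    if (!policy.has(name)) policy.set(name, tokens.slice(1)); // first occurrence wins
  }
  return policy;
}

function sourceMatches(source, url, pageOrigin) {
  const s = source.toLowerCase();
  if (s === "'self'") return url.origin === pageOrigin;
  const isWeb = url.protocol === 'http:' || url.protocol === 'https:';
  if (s === '*') return isWeb;
  if (/^[a-z][a-z0-9+.-]*:$/.test(s)) return url.protocol === s; // scheme source
  const m = /^(?:([a-z][a-z0-9+.-]*):\/\/)?(\*\.)?([a-z0-9.-]+)(?::(\d+))?/.exec(s);
  if (!m) return false; // 'none', nonces, hashes, 'unsafe-inline': never match a URL here
  const [, scheme, wildcard, host, port] = m;
  // Assumption: a source without a scheme is treated as allowing http and https.
  if (scheme ? url.protocol !== scheme + ':' : !isWeb) return false;
  const defaults = { 'http:': '80', 'https:': '443' };
  const urlPort = url.port || defaults[url.protocol] || '';
  // No port in the source means the URL must use its scheme's default port.
  if (port ? urlPort !== port : url.port !== '') return false;
  return wildcard ? url.hostname.endsWith('.' + host) : url.hostname === host;
}

function isAllowed(policy, directive, resourceUrl, pageOrigin) {
  // Fetch directives (script-src, img-src, font-src, ...) fall back to default-src.
  const list = policy.get(directive) ?? policy.get('default-src');
  if (list === undefined) return true; // nothing in the policy governs this type
  const url = new URL(resourceUrl);
  return list.some((src) => sourceMatches(src, url, pageOrigin));
}

// Constructed sample policy and page origin.
const PAGE = 'https://shop.example';
const POLICY = parsePolicy(
  "default-src 'self'; script-src 'self' https://cdn.example.com; img-src *; object-src 'none'"
);
```

With this policy a font request is checked against `default-src` because no `font-src` directive is declared, and `object-src 'none'` rejects every embeddable object, including same-origin ones.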
[1] Sid Stamm (2009-03-11). "Security/CSP/Spec - MozillaWiki". wiki.mozilla.org. Retrieved 2011-06-29. "Content Security Policy is intended to help web designers or server administrators specify how content interacts on their web sites. It helps mitigate and detect types of attacks such as XSS and data injection."
[2] "State of the draft". 2016-09-13. Retrieved 2016-10-05.