Content Security Policy
E125374
Content Security Policy is a web security standard that allows site owners to control which resources a browser is permitted to load and execute, helping to mitigate attacks like cross-site scripting and data injection.
All labels observed (1)
| Label | Occurrences |
|---|---|
| Content Security Policy canonical | 5 |
How this entity was disambiguated
This entity first appeared as the object of triple T1103227 — resolving that mention is where its identity was fixed. The disambiguator weighed these candidate entities and picked the highlighted one (or “None”, minting a new entity). This is how homonymy is resolved: the same surface form can point to different entities.
Target entity: Content Security Policy Context triple: [WebAssembly JavaScript Interface, constrainedBy, Content Security Policy]
-
A.
CSP
CSP is the commonly used abbreviation for the Conference of the States Parties, the main decision-making body overseeing implementation of the Chemical Weapons Convention.
-
B.
Opera Crypto Browser
Opera Crypto Browser is a web browser tailored for cryptocurrency and Web3 users, featuring built-in wallet functionality, dApp support, and enhanced blockchain security tools.
-
C.
HTTPS
HTTPS is the secure version of the HTTP protocol that encrypts data exchanged between a client and server to protect confidentiality and integrity on the web.
-
D.
CMS
CMS is a major general-purpose particle physics detector at CERN’s Large Hadron Collider, designed to investigate fundamental particles and forces, including the Higgs boson.
-
E.
CMS
CMS is the U.S. federal agency within the Department of Health and Human Services that administers major national healthcare programs including Medicare, Medicaid, and the Children’s Health Insurance Program.
- F. None of above. chosen
- G. Unsure - the case is ambiguous/there is not enough information to decide.
Target entity: Content Security Policy Target entity description: Content Security Policy is a web security standard that allows site owners to control which resources a browser is permitted to load and execute, helping to mitigate attacks like cross-site scripting and data injection.
-
A.
CSP
CSP is the commonly used abbreviation for the Conference of the States Parties, the main decision-making body overseeing implementation of the Chemical Weapons Convention.
-
B.
Opera Crypto Browser
Opera Crypto Browser is a web browser tailored for cryptocurrency and Web3 users, featuring built-in wallet functionality, dApp support, and enhanced blockchain security tools.
-
C.
HTTPS
HTTPS is the secure version of the HTTP protocol that encrypts data exchanged between a client and server to protect confidentiality and integrity on the web.
-
D.
CMS
CMS is a major general-purpose particle physics detector at CERN’s Large Hadron Collider, designed to investigate fundamental particles and forces, including the Higgs boson.
-
E.
CMS
CMS is the U.S. federal agency within the Department of Health and Human Services that administers major national healthcare programs including Medicare, Medicaid, and the Children’s Health Insurance Program.
- F. None of above. chosen
Statements (54)
| Predicate | Object |
|---|---|
| instanceOf |
browser security mechanism
ⓘ
web security standard ⓘ |
| abbreviation | CSP ⓘ |
| appliesTo |
web applications
ⓘ
web browsers ⓘ web pages ⓘ |
| configuredVia |
HTTP response header
ⓘ
meta element in HTML ⓘ |
| controls |
connection endpoints for WebSocket
ⓘ
connection endpoints for XHR and fetch ⓘ from which origins resources may be loaded ⓘ inline script execution ⓘ loading of external scripts ⓘ loading of fonts ⓘ loading of frames and iframes ⓘ loading of images ⓘ loading of media resources ⓘ loading of stylesheets ⓘ use of eval-like JavaScript constructs ⓘ use of plugins and object resources ⓘ which resources a browser may load ⓘ which scripts a browser may execute ⓘ |
| definedBy | World Wide Web Consortium ⓘ |
| hasDirective |
base-uri
ⓘ
block-all-mixed-content ⓘ child-src ⓘ connect-src ⓘ default-src ⓘ font-src ⓘ form-action ⓘ frame-ancestors ⓘ frame-src ⓘ img-src ⓘ media-src ⓘ object-src ⓘ report-to ⓘ report-uri ⓘ script-src ⓘ style-src ⓘ upgrade-insecure-requests ⓘ |
| headerName |
Content-Security-Policy
ⓘ
Content-Security-Policy-Report-Only ⓘ |
| introducedTo | improve defense in depth for web security ⓘ |
| primaryGoal |
mitigate cross-site scripting attacks
ⓘ
mitigate data injection attacks ⓘ reduce content injection vulnerabilities ⓘ |
| requires | browser support ⓘ |
| standardizedIn | W3C Recommendation ⓘ |
| supports |
hash-based script whitelisting
ⓘ
nonce-based script whitelisting ⓘ report-only mode ⓘ |
| usedBy | major web browsers ⓘ |
| usedFor |
mitigating XSS in modern web applications
ⓘ
restricting third-party content ⓘ |
How these facts were elicited
The pipeline generated the facts above by prompting gpt-5.1 with this entity's name + description and the instruction below.
You are a knowledge base construction expert. Given a subject entity and a description of it, return factual statements that you know for the subject as a JSON list of dictionaries(triples), where keys must be "subject", "predicate" and "object". The number of facts may be very high, between 25 to 50 or more, for very popular subjects. For less popular subjects, the number of facts can be very low, like 5 or 10. # Requirements - If you don't know the subject at all, return an empty list. - If the subject is not a named entity, return an empty list. - Include at least one triple where predicate is "instanceOf". - Do not get too wordy. - Separate several objects into multiple triples with one object.
Subject: Content Security Policy Description of subject: Content Security Policy is a web security standard that allows site owners to control which resources a browser is permitted to load and execute, helping to mitigate attacks like cross-site scripting and data injection.
Referenced by (5)
Full triples — surface form annotated when it differs from this entity's canonical label.