Content Security Policy

E125374

Content Security Policy is a web security standard that allows site owners to control which resources a browser is permitted to load and execute, helping to mitigate attacks like cross-site scripting and data injection.

All labels observed (1)

Label Occurrences
Content Security Policy canonical 5

How this entity was disambiguated

Statements (54)

Predicate Object
instanceOf browser security mechanism
web security standard
abbreviation CSP
appliesTo web applications
web browsers
web pages
configuredVia HTTP response header
meta element in HTML
controls connection endpoints for WebSocket
connection endpoints for XHR and fetch
from which origins resources may be loaded
inline script execution
loading of external scripts
loading of fonts
loading of frames and iframes
loading of images
loading of media resources
loading of stylesheets
use of eval-like JavaScript constructs
use of plugins and object resources
which resources a browser may load
which scripts a browser may execute
definedBy World Wide Web Consortium
hasDirective base-uri
block-all-mixed-content
child-src
connect-src
default-src
font-src
form-action
frame-ancestors
frame-src
img-src
media-src
object-src
report-to
report-uri
script-src
style-src
upgrade-insecure-requests
headerName Content-Security-Policy
Content-Security-Policy-Report-Only
introducedTo improve defense in depth for web security
primaryGoal mitigate cross-site scripting attacks
mitigate data injection attacks
reduce content injection vulnerabilities
requires browser support
standardizedIn W3C Recommendation
supports hash-based script whitelisting
nonce-based script whitelisting
report-only mode
usedBy major web browsers
usedFor mitigating XSS in modern web applications
restricting third-party content

How these facts were elicited

Referenced by (5)

Full triples — surface form annotated when it differs from this entity's canonical label.

WebAssembly JavaScript Interface constrainedBy Content Security Policy
Referrer Policy specification relatedTo Content Security Policy
Open Web Platform hasComponent Content Security Policy
W3C Web Application technologies includesStandard Content Security Policy
Chrome Web Platform features includesAPI Content Security Policy