| 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558 |
- {
- "title":"Content Security Policy 1.0",
- "description":"Mitigate cross-site scripting attacks by only allowing certain sources of script, style, and other resources.",
- "spec":"https://www.w3.org/TR/2012/CR-CSP-20121115/",
- "status":"cr",
- "links":[
- {
- "url":"https://www.html5rocks.com/en/tutorials/security/content-security-policy/",
- "title":"HTML5Rocks article"
- },
- {
- "url":"https://content-security-policy.com/",
- "title":"CSP Examples & Quick Reference"
- },
- {
- "url":"https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP",
- "title":"MDN Web Docs - Content Security Policy"
- }
- ],
- "bugs":[
- {
- "description":"Partial support in Internet Explorer 10-11 refers to the browser only supporting the 'sandbox' directive by using the `X-Content-Security-Policy` header."
- },
- {
- "description":"Partial support in iOS Safari 5.0-5.1 refers to the browser recognizing the `X-WebKit-CSP` header but failing to handle complex cases correctly, often resulting in broken pages."
- },
- {
- "description":"Chrome for iOS fails to render pages without a [connect-src 'self'](https://code.google.com/p/chromium/issues/detail?id=322497) policy."
- }
- ],
- "categories":[
- "Security"
- ],
- "stats":{
- "ie":{
- "5.5":"n",
- "6":"n",
- "7":"n",
- "8":"n",
- "9":"n",
- "10":"a #1",
- "11":"a #1"
- },
- "edge":{
- "12":"y",
- "13":"y",
- "14":"y",
- "15":"y",
- "16":"y",
- "17":"y",
- "18":"y",
- "79":"y",
- "80":"y",
- "81":"y",
- "83":"y",
- "84":"y",
- "85":"y",
- "86":"y",
- "87":"y",
- "88":"y",
- "89":"y",
- "90":"y",
- "91":"y",
- "92":"y",
- "93":"y",
- "94":"y",
- "95":"y",
- "96":"y",
- "97":"y",
- "98":"y",
- "99":"y",
- "100":"y",
- "101":"y",
- "102":"y",
- "103":"y",
- "104":"y",
- "105":"y",
- "106":"y",
- "107":"y",
- "108":"y",
- "109":"y",
- "110":"y"
- },
- "firefox":{
- "2":"n",
- "3":"n",
- "3.5":"n",
- "3.6":"n",
- "4":"y #1",
- "5":"y #1",
- "6":"y #1",
- "7":"y #1",
- "8":"y #1",
- "9":"y #1",
- "10":"y #1",
- "11":"y #1",
- "12":"y #1",
- "13":"y #1",
- "14":"y #1",
- "15":"y #1",
- "16":"y #1",
- "17":"y #1",
- "18":"y #1",
- "19":"y #1",
- "20":"y #1",
- "21":"y #1",
- "22":"y #1",
- "23":"y",
- "24":"y",
- "25":"y",
- "26":"y",
- "27":"y",
- "28":"y",
- "29":"y",
- "30":"y",
- "31":"y",
- "32":"y",
- "33":"y",
- "34":"y",
- "35":"y",
- "36":"y",
- "37":"y",
- "38":"y",
- "39":"y",
- "40":"y",
- "41":"y",
- "42":"y",
- "43":"y",
- "44":"y",
- "45":"y",
- "46":"y",
- "47":"y",
- "48":"y",
- "49":"y",
- "50":"y",
- "51":"y",
- "52":"y",
- "53":"y",
- "54":"y",
- "55":"y",
- "56":"y",
- "57":"y",
- "58":"y",
- "59":"y",
- "60":"y",
- "61":"y",
- "62":"y",
- "63":"y",
- "64":"y",
- "65":"y",
- "66":"y",
- "67":"y",
- "68":"y",
- "69":"y",
- "70":"y",
- "71":"y",
- "72":"y",
- "73":"y",
- "74":"y",
- "75":"y",
- "76":"y",
- "77":"y",
- "78":"y",
- "79":"y",
- "80":"y",
- "81":"y",
- "82":"y",
- "83":"y",
- "84":"y",
- "85":"y",
- "86":"y",
- "87":"y",
- "88":"y",
- "89":"y",
- "90":"y",
- "91":"y",
- "92":"y",
- "93":"y",
- "94":"y",
- "95":"y",
- "96":"y",
- "97":"y",
- "98":"y",
- "99":"y",
- "100":"y",
- "101":"y",
- "102":"y",
- "103":"y",
- "104":"y",
- "105":"y",
- "106":"y",
- "107":"y",
- "108":"y",
- "109":"y",
- "110":"y",
- "111":"y",
- "112":"y"
- },
- "chrome":{
- "4":"n",
- "5":"n",
- "6":"n",
- "7":"n",
- "8":"n",
- "9":"n",
- "10":"n",
- "11":"n",
- "12":"n",
- "13":"n",
- "14":"y #2",
- "15":"y #2",
- "16":"y #2",
- "17":"y #2",
- "18":"y #2",
- "19":"y #2",
- "20":"y #2",
- "21":"y #2",
- "22":"y #2",
- "23":"y #2",
- "24":"y #2",
- "25":"y",
- "26":"y",
- "27":"y",
- "28":"y",
- "29":"y",
- "30":"y",
- "31":"y",
- "32":"y",
- "33":"y",
- "34":"y",
- "35":"y",
- "36":"y",
- "37":"y",
- "38":"y",
- "39":"y",
- "40":"y",
- "41":"y",
- "42":"y",
- "43":"y",
- "44":"y",
- "45":"y",
- "46":"y",
- "47":"y",
- "48":"y",
- "49":"y",
- "50":"y",
- "51":"y",
- "52":"y",
- "53":"y",
- "54":"y",
- "55":"y",
- "56":"y",
- "57":"y",
- "58":"y",
- "59":"y",
- "60":"y",
- "61":"y",
- "62":"y",
- "63":"y",
- "64":"y",
- "65":"y",
- "66":"y",
- "67":"y",
- "68":"y",
- "69":"y",
- "70":"y",
- "71":"y",
- "72":"y",
- "73":"y",
- "74":"y",
- "75":"y",
- "76":"y",
- "77":"y",
- "78":"y",
- "79":"y",
- "80":"y",
- "81":"y",
- "83":"y",
- "84":"y",
- "85":"y",
- "86":"y",
- "87":"y",
- "88":"y",
- "89":"y",
- "90":"y",
- "91":"y",
- "92":"y",
- "93":"y",
- "94":"y",
- "95":"y",
- "96":"y",
- "97":"y",
- "98":"y",
- "99":"y",
- "100":"y",
- "101":"y",
- "102":"y",
- "103":"y",
- "104":"y",
- "105":"y",
- "106":"y",
- "107":"y",
- "108":"y",
- "109":"y",
- "110":"y",
- "111":"y",
- "112":"y",
- "113":"y"
- },
- "safari":{
- "3.1":"n",
- "3.2":"n",
- "4":"n",
- "5":"n",
- "5.1":"a #2",
- "6":"y #2",
- "6.1":"y #2",
- "7":"y",
- "7.1":"y",
- "8":"y",
- "9":"y",
- "9.1":"y",
- "10":"y",
- "10.1":"y",
- "11":"y",
- "11.1":"y",
- "12":"y",
- "12.1":"y",
- "13":"y",
- "13.1":"y",
- "14":"y",
- "14.1":"y",
- "15":"y",
- "15.1":"y",
- "15.2-15.3":"y",
- "15.4":"y",
- "15.5":"y",
- "15.6":"y",
- "16.0":"y",
- "16.1":"y",
- "16.2":"y",
- "16.3":"y",
- "16.4":"y",
- "TP":"y"
- },
- "opera":{
- "9":"n",
- "9.5-9.6":"n",
- "10.0-10.1":"n",
- "10.5":"n",
- "10.6":"n",
- "11":"n",
- "11.1":"n",
- "11.5":"n",
- "11.6":"n",
- "12":"n",
- "12.1":"n",
- "15":"y",
- "16":"y",
- "17":"y",
- "18":"y",
- "19":"y",
- "20":"y",
- "21":"y",
- "22":"y",
- "23":"y",
- "24":"y",
- "25":"y",
- "26":"y",
- "27":"y",
- "28":"y",
- "29":"y",
- "30":"y",
- "31":"y",
- "32":"y",
- "33":"y",
- "34":"y",
- "35":"y",
- "36":"y",
- "37":"y",
- "38":"y",
- "39":"y",
- "40":"y",
- "41":"y",
- "42":"y",
- "43":"y",
- "44":"y",
- "45":"y",
- "46":"y",
- "47":"y",
- "48":"y",
- "49":"y",
- "50":"y",
- "51":"y",
- "52":"y",
- "53":"y",
- "54":"y",
- "55":"y",
- "56":"y",
- "57":"y",
- "58":"y",
- "60":"y",
- "62":"y",
- "63":"y",
- "64":"y",
- "65":"y",
- "66":"y",
- "67":"y",
- "68":"y",
- "69":"y",
- "70":"y",
- "71":"y",
- "72":"y",
- "73":"y",
- "74":"y",
- "75":"y",
- "76":"y",
- "77":"y",
- "78":"y",
- "79":"y",
- "80":"y",
- "81":"y",
- "82":"y",
- "83":"y",
- "84":"y",
- "85":"y",
- "86":"y",
- "87":"y",
- "88":"y",
- "89":"y",
- "90":"y",
- "91":"y",
- "92":"y",
- "93":"y",
- "94":"y",
- "95":"y"
- },
- "ios_saf":{
- "3.2":"n",
- "4.0-4.1":"n",
- "4.2-4.3":"n",
- "5.0-5.1":"a #2",
- "6.0-6.1":"y #2",
- "7.0-7.1":"y",
- "8":"y",
- "8.1-8.4":"y",
- "9.0-9.2":"y",
- "9.3":"y",
- "10.0-10.2":"y",
- "10.3":"y",
- "11.0-11.2":"y",
- "11.3-11.4":"y",
- "12.0-12.1":"y",
- "12.2-12.5":"y",
- "13.0-13.1":"y",
- "13.2":"y",
- "13.3":"y",
- "13.4-13.7":"y",
- "14.0-14.4":"y",
- "14.5-14.8":"y",
- "15.0-15.1":"y",
- "15.2-15.3":"y",
- "15.4":"y",
- "15.5":"y",
- "15.6":"y",
- "16.0":"y",
- "16.1":"y",
- "16.2":"y",
- "16.3":"y",
- "16.4":"y"
- },
- "op_mini":{
- "all":"n"
- },
- "android":{
- "2.1":"n",
- "2.2":"n",
- "2.3":"n",
- "3":"n",
- "4":"n",
- "4.1":"n",
- "4.2-4.3":"n",
- "4.4":"y",
- "4.4.3-4.4.4":"y",
- "109":"y"
- },
- "bb":{
- "7":"n",
- "10":"y #2"
- },
- "op_mob":{
- "10":"n",
- "11":"n",
- "11.1":"n",
- "11.5":"n",
- "12":"n",
- "12.1":"n",
- "73":"y"
- },
- "and_chr":{
- "110":"y"
- },
- "and_ff":{
- "110":"y"
- },
- "ie_mob":{
- "10":"a #1",
- "11":"a #1"
- },
- "and_uc":{
- "13.4":"y"
- },
- "samsung":{
- "4":"y",
- "5.0-5.4":"y",
- "6.2-6.4":"y",
- "7.2-7.4":"y",
- "8.2":"y",
- "9.2":"y",
- "10.1":"y",
- "11.1-11.2":"y",
- "12.0":"y",
- "13.0":"y",
- "14.0":"y",
- "15.0":"y",
- "16.0":"y",
- "17.0":"y",
- "18.0":"y",
- "19.0":"y",
- "20":"y"
- },
- "and_qq":{
- "13.1":"y"
- },
- "baidu":{
- "13.18":"y"
- },
- "kaios":{
- "2.5":"y",
- "3.0-3.1":"y"
- }
- },
- "notes":"The standard HTTP header is `Content-Security-Policy` which is used unless otherwise noted.",
- "notes_by_num":{
- "1":"Supported through the `X-Content-Security-Policy` header",
- "2":"Supported through the `X-WebKit-CSP` header"
- },
- "usage_perc_y":97.27,
- "usage_perc_a":0.54,
- "ucprefix":false,
- "parent":"",
- "keywords":"csp,security,header",
- "ie_id":"contentsecuritypolicy",
- "chrome_id":"5205088045891584",
- "firefox_id":"",
- "webkit_id":"",
- "shown":true
- }
|
