Content Security Policy

Content Security Policy (CSP) is a security concept intended to prevent cross-site scripting and related attacks.[1] It is a draft of the W3C Working Group on Web Application Security.[2]

CSP was originally developed by the Mozilla Foundation and implemented in Firefox 4.0.

Status

The official name of the header field is Content-Security-Policy.

Mozilla Firefox and the preview release of Internet Explorer use the header name X-Content-Security-Policy. Chrome uses X-WebKit-CSP. Support for the draft in Firefox and Chrome is nearly complete.[2]
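
Because the header name differs by browser, a response that sets the policy under only one name leaves the other browsers without it. The following added example (not part of the original article or of any browser's code) audits a response's headers for the three names listed above; the function name, the sample response and the sample policy text are constructed for illustration.

```javascript
// Header names and browser mapping as given in the Status section.
const CSP_HEADERS = new Map([
  ['content-security-policy', 'official header name'],
  ['x-content-security-policy', 'Firefox, Internet Explorer preview'],
  ['x-webkit-csp', 'Chrome'],
]);

// headerPairs: array of [name, value] pairs as received from the server.
function auditCspHeaders(headerPairs) {
  const seen = new Map(); // lower-cased name -> list of trimmed values
  for (const [name, value] of headerPairs) {
    const key = String(name).trim().toLowerCase(); // field names are case-insensitive
    if (!CSP_HEADERS.has(key)) continue;
    if (!seen.has(key)) seen.set(key, []);
    seen.get(key).push(String(value).trim());
  }
  const findings = [];
  for (const [key, who] of CSP_HEADERS) {
    const values = seen.get(key);
    if (!values) {
      findings.push(`missing ${key} (${who})`);
    } else if (values.some((v) => v === '')) {
      findings.push(`empty ${key}`);
    }
  }
  // Compare the policy text sent under each name: a mismatch means
  // different browsers would be given different policies.
  const perName = [...seen.values()].map((vals) => vals.join(', '));
  if (new Set(perName).size > 1) {
    findings.push('policy text differs between header names');
  }
  return { present: [...seen.keys()].sort(), findings };
}

// Constructed sample response: policy set under two of the three names.
const sampleResponse = [
  ['Content-Type', 'text/html'],
  ['Content-Security-Policy', "default-src 'self'"],
  ['x-webkit-csp', "default-src 'self' "],
];
console.log(auditCspHeaders(sampleResponse));
```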

References

  1. "Security/CSP/Spec - MozillaWiki". wiki.mozilla.org. 2009-03-11. https://wiki.mozilla.org/index.php?title=Security/CSP/Spec&oldid=133465. Retrieved 2011-06-29. "Content Security Policy is intended to help web designers or server administrators specify how content interacts on their web sites. It helps mitigate and detect types of attacks such as XSS and data injection."
  2. "State of the draft". 2011-11-30. http://www.w3.org/TR/CSP/#sotd. Retrieved 2011-12-30.