Content Security Policy Level 2
Mitigate cross-site scripting attacks by whitelisting allowed sources of script, style, and other resources. CSP 2 adds hash-source, nonce-source, and five new directives
IE | Edge | Firefox | Chrome | Safari | Opera | iOS Safari | Opera Mini | Android Browser | Blackberry Browser | Opera Mobile | Chrome for Android | Firefox for Android | IE Mobile | UC Browser for Android | Samsung Internet | QQ Browser | Baidu Browser |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
49 | |||||||||||||||||
56 | 9.3 | 4.4 | |||||||||||||||
14 | 52
See notes:
|
57 | 10 | 10.0-10.2 | 4.4.3-4.4.4 | 4 | |||||||||||
11 | 15 | 53
See notes:
|
58 | 10.1 | 44 | 10.3 | all | 56 | 10 | 37 | 57 | 52
See notes:
|
11 | 11.4 | 5 | 1.2 | 7.12 |
54
See notes:
|
59 | TP | 45 | ||||||||||||||
55
See notes:
|
60 | 46 | |||||||||||||||
56
See notes:
|
61 |
Notes
-
1
Firefox 31-34 is missing the plugin-types, child-src, frame-ancestors, base-uri, and form-action directives.
-
2
Firefox 35 is missing the plugin-types, child-src, frame-ancestors, and form-action directives.
-
3
Firefox 36-44 is missing the plugin-types and child-src directives.
-
4
Chrome 36-38 & Opera 23-25 are missing the plugin-types, child-src, frame-ancestors, base-uri, and form-action directives.
-
5
Chrome 39 and Opera 26 are missing the plugin-types, child-src, base-uri, and form-action directives.
-
6
Firefox 38 on Android is missing the child-src directive.
-
7
Firefox 45+ is missing the plugin-types directive.