Content Security Policy Level 2

Content Security Policy Level 2

Mitigate cross-site scripting attacks by whitelisting allowed sources of script, style, and other resources. CSP 2 adds hash-source, nonce-source, and five new directives

Spec http://www.w3.org/TR/CSP/
Status W3C Candidate Recommendation
IE Edge Firefox Chrome Safari Opera
    57 (7) 62    
    56 (7) 61 TP 48
  16 55 (7) 60 11 47
11 15 54 (7) 59 10.1 46
10 14 53 (7) 58 10 45
9 13 52 (7) 57 9.1 44
8 12 51 (7) 56 9 43
Show all
7   50 (7) 55 8 42
6   49 (7) 54 7.1 41
5.5   48 (7) 53 7 40
    47 (7) 52 6.1 39
    46 (7) 51 6 38
    45 (7) 50 5.1 37
    44 (3) 49 5 36
    43 (3) 48 4 35
    42 (3) 47 3.2 34
    41 (3) 46 3.1 33
    40 (3) 45   32
    39 (3) 44   31
    38 (3) 43   30
    37 (3) 42   29
    36 (3) 41   28
    35 (2) 40   27
    34 (1) 39 (5)   26 (5)
    33 (1) 38 (4)   25 (4)
    32 (1) 37 (4)   24 (4)
    31 (1) 36 (4)   23 (4)
    30 35   22
    29 34   21
    28 33   20
    27 32   19
    26 31   18
    25 30   17
    24 29   16
    23 28   15
    22 27   12.1
    21 26   12
    20 25   11.6
    19 24   11.5
    18 23   11.1
    17 22   11
    16 21   10.6
    15 20   10.5
    14 19   10.0-10.1
    13 18   9.5-9.6
    12 17   9
    11 16    
    10 15    
    9 14    
    8 13    
    7 12    
    6 11    
    5 10    
    4 9    
    3.6 8    
    3.5 7    
    3 6    
    2 5    
      4    
iOS Safari Opera Mini Android Browser Blackberry Browser Opera Mobile Android Chrome Android Firefox IE Mobile Android UC Browser Samsung Internet QQ Browser Baidu Browser
11                      
10.3 all 56 10 37 59 54 (6) 11 11.4 5 1.2 7.12
10.0-10.2   4.4.3-4.4.4 7 12.1     10   4    
9.3   4.4   12              
9.0-9.2   4.2-4.3   11.5              
Show all
8.1-8.4   4.1   11.1              
8   4   11              
7.0-7.1   3   10              
6.0-6.1   2.3                  
5.0-5.1   2.2                  
4.2-4.3   2.1                  
4.0-4.1                      
3.2                      

Notes

  1. Firefox 31-34 is missing the plugin-types, child-src, frame-ancestors, base-uri, and form-action directives.

  2. Firefox 35 is missing the plugin-types, child-src, frame-ancestors, and form-action directives.

  3. Firefox 36-44 is missing the plugin-types and child-src directives.

  4. Chrome 36-38 & Opera 23-25 are missing the plugin-types, child-src, frame-ancestors, base-uri, and form-action directives.

  5. Chrome 39 and Opera 26 are missing the plugin-types, child-src, base-uri, and form-action directives.

  6. Firefox 38 on Android is missing the child-src directive.

  7. Firefox 45+ is missing the plugin-types directive.

Resources

Data by caniuse.com
Licensed under the Creative Commons Attribution License v4.0.
http://caniuse.com/#feat=contentsecuritypolicy2

在线笔记
App下载
App下载

扫描二维码

下载编程狮App

公众号
微信公众号

编程狮公众号

意见反馈
返回顶部