
contentsecuritypolicy.json 6.2KB

  1. {
  2. "title":"Content Security Policy 1.0",
  3. "description":"Mitigate cross-site scripting attacks by whitelisting allowed sources of script, style, and other resources.",
  4. "spec":"https://www.w3.org/TR/2012/CR-CSP-20121115/",
  5. "status":"cr",
  6. "links":[
  7. {
  8. "url":"https://www.html5rocks.com/en/tutorials/security/content-security-policy/",
  9. "title":"HTML5Rocks article"
  10. },
  11. {
  12. "url":"http://content-security-policy.com/",
  13. "title":"CSP Examples & Quick Reference"
  14. },
  15. {
  16. "url":"https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP",
  17. "title":"MDN Web Docs - Content Security Policy"
  18. }
  19. ],
  20. "bugs":[
  21. {
  22. "description":"Partial support in Internet Explorer 10-11 means the browser supports only the 'sandbox' directive, and only through the `X-Content-Security-Policy` header; other directives, such as `script-src`, are ignored."
  23. },
  24. {
  25. "description":"Partial support in iOS Safari 5.0-5.1 refers to the browser recognizing the `X-WebKit-CSP` header but failing to handle complex cases correctly, often resulting in broken pages."
  26. },
  27. {
  28. "description":"Chrome for iOS fails to render pages without a [connect-src 'self'](https://code.google.com/p/chromium/issues/detail?id=322497) policy."
  29. }
  30. ],
  31. "categories":[
  32. "Security"
  33. ],
  34. "stats":{
  35. "ie":{
  36. "5.5":"n",
  37. "6":"n",
  38. "7":"n",
  39. "8":"n",
  40. "9":"n",
  41. "10":"a #1",
  42. "11":"a #1"
  43. },
  44. "edge":{
  45. "12":"y",
  46. "13":"y",
  47. "14":"y",
  48. "15":"y",
  49. "16":"y",
  50. "17":"y"
  51. },
  52. "firefox":{
  53. "2":"n",
  54. "3":"n",
  55. "3.5":"n",
  56. "3.6":"n",
  57. "4":"y #1",
  58. "5":"y #1",
  59. "6":"y #1",
  60. "7":"y #1",
  61. "8":"y #1",
  62. "9":"y #1",
  63. "10":"y #1",
  64. "11":"y #1",
  65. "12":"y #1",
  66. "13":"y #1",
  67. "14":"y #1",
  68. "15":"y #1",
  69. "16":"y #1",
  70. "17":"y #1",
  71. "18":"y #1",
  72. "19":"y #1",
  73. "20":"y #1",
  74. "21":"y #1",
  75. "22":"y #1",
  76. "23":"y",
  77. "24":"y",
  78. "25":"y",
  79. "26":"y",
  80. "27":"y",
  81. "28":"y",
  82. "29":"y",
  83. "30":"y",
  84. "31":"y",
  85. "32":"y",
  86. "33":"y",
  87. "34":"y",
  88. "35":"y",
  89. "36":"y",
  90. "37":"y",
  91. "38":"y",
  92. "39":"y",
  93. "40":"y",
  94. "41":"y",
  95. "42":"y",
  96. "43":"y",
  97. "44":"y",
  98. "45":"y",
  99. "46":"y",
  100. "47":"y",
  101. "48":"y",
  102. "49":"y",
  103. "50":"y",
  104. "51":"y",
  105. "52":"y",
  106. "53":"y",
  107. "54":"y",
  108. "55":"y",
  109. "56":"y",
  110. "57":"y",
  111. "58":"y",
  112. "59":"y",
  113. "60":"y",
  114. "61":"y"
  115. },
  116. "chrome":{
  117. "4":"n",
  118. "5":"n",
  119. "6":"n",
  120. "7":"n",
  121. "8":"n",
  122. "9":"n",
  123. "10":"n",
  124. "11":"n",
  125. "12":"n",
  126. "13":"n",
  127. "14":"y #2",
  128. "15":"y #2",
  129. "16":"y #2",
  130. "17":"y #2",
  131. "18":"y #2",
  132. "19":"y #2",
  133. "20":"y #2",
  134. "21":"y #2",
  135. "22":"y #2",
  136. "23":"y #2",
  137. "24":"y #2",
  138. "25":"y",
  139. "26":"y",
  140. "27":"y",
  141. "28":"y",
  142. "29":"y",
  143. "30":"y",
  144. "31":"y",
  145. "32":"y",
  146. "33":"y",
  147. "34":"y",
  148. "35":"y",
  149. "36":"y",
  150. "37":"y",
  151. "38":"y",
  152. "39":"y",
  153. "40":"y",
  154. "41":"y",
  155. "42":"y",
  156. "43":"y",
  157. "44":"y",
  158. "45":"y",
  159. "46":"y",
  160. "47":"y",
  161. "48":"y",
  162. "49":"y",
  163. "50":"y",
  164. "51":"y",
  165. "52":"y",
  166. "53":"y",
  167. "54":"y",
  168. "55":"y",
  169. "56":"y",
  170. "57":"y",
  171. "58":"y",
  172. "59":"y",
  173. "60":"y",
  174. "61":"y",
  175. "62":"y",
  176. "63":"y",
  177. "64":"y",
  178. "65":"y",
  179. "66":"y",
  180. "67":"y"
  181. },
  182. "safari":{
  183. "3.1":"n",
  184. "3.2":"n",
  185. "4":"n",
  186. "5":"n",
  187. "5.1":"a #2",
  188. "6":"y #2",
  189. "6.1":"y #2",
  190. "7":"y",
  191. "7.1":"y",
  192. "8":"y",
  193. "9":"y",
  194. "9.1":"y",
  195. "10":"y",
  196. "10.1":"y",
  197. "11":"y",
  198. "11.1":"y",
  199. "TP":"y"
  200. },
  201. "opera":{
  202. "9":"n",
  203. "9.5-9.6":"n",
  204. "10.0-10.1":"n",
  205. "10.5":"n",
  206. "10.6":"n",
  207. "11":"n",
  208. "11.1":"n",
  209. "11.5":"n",
  210. "11.6":"n",
  211. "12":"n",
  212. "12.1":"n",
  213. "15":"y",
  214. "16":"y",
  215. "17":"y",
  216. "18":"y",
  217. "19":"y",
  218. "20":"y",
  219. "21":"y",
  220. "22":"y",
  221. "23":"y",
  222. "24":"y",
  223. "25":"y",
  224. "26":"y",
  225. "27":"y",
  226. "28":"y",
  227. "29":"y",
  228. "30":"y",
  229. "31":"y",
  230. "32":"y",
  231. "33":"y",
  232. "34":"y",
  233. "35":"y",
  234. "36":"y",
  235. "37":"y",
  236. "38":"y",
  237. "39":"y",
  238. "40":"y",
  239. "41":"y",
  240. "42":"y",
  241. "43":"y",
  242. "44":"y",
  243. "45":"y",
  244. "46":"y",
  245. "47":"y",
  246. "48":"y",
  247. "49":"y",
  248. "50":"y",
  249. "51":"y",
  250. "52":"y"
  251. },
  252. "ios_saf":{
  253. "3.2":"n",
  254. "4.0-4.1":"n",
  255. "4.2-4.3":"n",
  256. "5.0-5.1":"a #2",
  257. "6.0-6.1":"y #2",
  258. "7.0-7.1":"y",
  259. "8":"y",
  260. "8.1-8.4":"y",
  261. "9.0-9.2":"y",
  262. "9.3":"y",
  263. "10.0-10.2":"y",
  264. "10.3":"y",
  265. "11.0-11.2":"y",
  266. "11.3":"y"
  267. },
  268. "op_mini":{
  269. "all":"n"
  270. },
  271. "android":{
  272. "2.1":"n",
  273. "2.2":"n",
  274. "2.3":"n",
  275. "3":"n",
  276. "4":"n",
  277. "4.1":"n",
  278. "4.2-4.3":"n",
  279. "4.4":"y",
  280. "4.4.3-4.4.4":"y",
  281. "62":"y"
  282. },
  283. "bb":{
  284. "7":"n",
  285. "10":"y #2"
  286. },
  287. "op_mob":{
  288. "10":"n",
  289. "11":"n",
  290. "11.1":"n",
  291. "11.5":"n",
  292. "12":"n",
  293. "12.1":"n",
  294. "37":"y"
  295. },
  296. "and_chr":{
  297. "64":"y"
  298. },
  299. "and_ff":{
  300. "57":"y"
  301. },
  302. "ie_mob":{
  303. "10":"a #1",
  304. "11":"a #1"
  305. },
  306. "and_uc":{
  307. "11.8":"y #2"
  308. },
  309. "samsung":{
  310. "4":"y",
  311. "5":"y",
  312. "6.2":"y"
  313. },
  314. "and_qq":{
  315. "1.2":"y"
  316. },
  317. "baidu":{
  318. "7.12":"y"
  319. }
  320. },
  321. "notes":"The standard HTTP header is `Content-Security-Policy`, which is used unless otherwise noted.",
  322. "notes_by_num":{
  323. "1":"Supported through the `X-Content-Security-Policy` header",
  324. "2":"Supported through the `X-WebKit-CSP` header"
  325. },
  326. "usage_perc_y":91.04,
  327. "usage_perc_a":3.25,
  328. "ucprefix":false,
  329. "parent":"",
  330. "keywords":"csp,security,header",
  331. "ie_id":"contentsecuritypolicy",
  332. "chrome_id":"5205088045891584",
  333. "firefox_id":"",
  334. "webkit_id":"",
  335. "shown":true
  336. }