Content Security Policy Level 2

An evolution of the Content Security Policy specification, allowing developers to create a whitelist of sources of trusted content, and instructing the browser to only execute or render resources from those sources.

Specification

Established standard

Status in Chromium

Blink components: Blink

Enabled by default in:

• Chrome for desktop release 40
• Chrome for Android release 40
• Android WebView release 40
• Opera release 27
• Opera for Android release 27

Consensus & Standardization

• Firefox: Public support
• Edge: Public support
• Safari: Shipped
• Web Developers: Positive

Owners

• mkwst@chromium.org
• jww@chromium.org

Last updated on 2017-06-14