Content Security Policy 1.0
- CRMitigate cross-site scripting attacks by only allowing certain sources of script, style, and other resources.
Chrome
- ❌ 4 - 13: Not supported
- ✅ 14 - 24: Supported
- ✅ 25 - 130: Supported
- ✅ 131: Supported
- ✅ 132 - 134: Supported
Edge
- ✅ 12 - 130: Supported
- ✅ 131: Supported
Safari
- ❌ 3.1 - 5: Not supported
- ◐ 5.1: Partial support
- ✅ 6 - 6.1: Supported
- ✅ 7 - 18.0: Supported
- ✅ 18.1: Supported
- ✅ 18.2 - TP: Supported
Firefox
- ❌ 2 - 3.6: Not supported
- ✅ 4 - 22: Supported
- ✅ 23 - 131: Supported
- ✅ 132: Supported
- ✅ 133 - 135: Supported
Opera
- ❌ 9 - 12.1: Not supported
- ✅ 15 - 113: Supported
- ✅ 114: Supported
IE
- ❌ 5.5 - 9: Not supported
- ◐ 10: Partial support
- ◐ 11: Partial support
Chrome for Android
- ✅ 131: Supported
Safari on iOS
- ❌ 3.2 - 4.3: Not supported
- ◐ 5: Partial support
- ✅ 6: Supported
- ✅ 7 - 18.0: Supported
- ✅ 18.1: Supported
- ✅ 18.2: Supported
Samsung Internet
- ✅ 4 - 25: Supported
- ✅ 26: Supported
Opera Mini
- ❌ all: Not supported
Opera Mobile
- ❌ 10 - 12.1: Not supported
- ✅ 80: Supported
UC Browser for Android
- ✅ 15.5: Supported
Android Browser
- ❌ 2.1 - 4.3: Not supported
- ✅ 4.4 - 4.4.4: Supported
- ✅ 131: Supported
Firefox for Android
- ✅ 132: Supported
QQ Browser
- ✅ 14.9: Supported
Baidu Browser
- ✅ 13.52: Supported
KaiOS Browser
- ✅ 2.5: Supported
- ✅ 3: Supported
The standard HTTP header is Content-Security-Policy
which is used unless otherwise noted.