Please note, this is a STATIC archive of website developer.mozilla.org from 03 Nov 2016, cach3.com does not collect or store any user information, there is no "phishing" involved.
Los resultados de tu búsqueda

    Content-Security-Policy

    Este articulo necesita una revisión técnica. Cómo puedes ayudar.

    Nuestros voluntarios aún no han traducido este artículo al Español. Únete a nosotros y ayúdanos a traducirlo

    This is an experimental technology
    Because this technology's specification has not stabilized, check the compatibility table for usage in various browsers. Also note that the syntax and behavior of an experimental technology is subject to change in future versions of browsers as the specification changes.

    DRAFT

    The Content-Security-Policy header fields allows web site administrators to control resources the user agent is allowed to load for a given page. With a few exceptions, policies mostly involve specifying server origins and script endpoints. This helps guard against cross-site scripting attacks.

    To set a content security policy, add one or more policy directives to either of the response headers listed below. Alternatively, most policy directives can be used in a <meta> tag with the http-equiv attribute. If a policy directive is not defined, user agents will allow resources from anywhere.  The default-src directive overrides this behavior for a select number of other directives. See the policy directives page for more information.

    Workers are in general not governed by the content security policy of the document (or parent worker) that created them. To specify a content security policy for the worker, set a Content-Security-Policy response header for the request which delivered the worker script itself.

    The exception to this is if the worker script's origin is a globally unique identifier (for example, if its URL has a scheme of data or blob). In this case, the worker does inherit the content security policy of the document or worker than created it.

    The HTTP response headers

    This section lists the HTTP response headers that servers send back to specify allowed origins for page contents as defined by the Content Security Policy specification. 

    CH-CSP

    Indicates that a request is subject to a policy.

    Content-Security-Policy

    Specifies a page's content origins by resource type for enforcement by the user agent. This header may be used inside a <meta> tag.

    Content-Security-Policy-Report-Only

    Specifies a page's content origins by resource type for monitoring by the server. This header may not be used inside a <meta> tag.

    Browser compatibility

    Feature Chrome Firefox (Gecko) Internet Explorer Opera Safari
    Basic support 41.0 (Yes) ? (Yes) ?
    Worker support (Yes) 50 (50) ? ? ?
    Feature Android Chrome for Android Firefox Mobile (Gecko) IE Mobile Opera Mobile Safari Mobile
    Basic support No support ? ? ? ? ?

    See Also

    Etiquetas y colaboradores del documento

    Etiquetas: 
     Colaboradores en esta página: wbamberg, teoli, jpmedley, kscarfone
     Última actualización por: wbamberg,