CSP

Currently

2020 - Complex Security Policy ? | Issues

Level 3

2018 | strict-dynamic | mixed content | playlist | Semantics-based analysis of CSP deployment (2018)

Level 2

2016 | hashes | nonces | upgrade-insecure-requests | Content security problems? (2016) | CSP is dead, long live CSP! (2016)

Level 1

2014 | DNS Rebinding | origin | framing control | double-framing attack | Why Is CSP Failing? (2014)

Level 0

2010 - Reigning in the web with CSP

Resource loading restrictions

script-src | style-src | img-src | default-src

Framing Control

frame-ancestors | base-uri | form-action

TLS Enforcement

upgrade-insecurerequests | block-all-mixed-content | form-action

CSP History

Twitter | Amazon | GitHub