.. include:: ../Includes.txt

Getting started with Content Security Policy
============================================


The new Content-Security-Policy HTTP response header helps you reduce XSS risks on modern browsers
by declaring what dynamic resources are allowed to load via a HTTP Header.

Check the specification on `content-security-policy.com <https://content-security-policy.com>`__.

There are two different versions of the protocol 1.0 and 2.0.
This extension supports the newer one and its goal to stay up-to-date as soon as a newer specification comes.

**What kind of browsers are support this feature?**

Basically all modern browsers support the 2.0 version already.
 but don't worry it has a support even in Edge:

`Can I use <http://caniuse.com/#feat=contentsecuritypolicy2>`__