DEPRECATION WARNING
This documentation is not using the current rendering mechanism and is probably outdated. The extension maintainer should switch to the new system. Details on how to use the rendering mechanism can be found here.
Getting started with Content Security Policy¶
The new Content-Security-Policy HTTP response header helps you reduce XSS risks on modern browsers by declaring what dynamic resources are allowed to load via a HTTP Header.
Check the specification on content-security-policy.com.
There are two different versions of the protocol 1.0 and 2.0. This extension supports the newer one and its goal to stay up-to-date as soon as a newer specification comes.
What kind of browsers are support this feature?
- Basically all modern browsers support the 2.0 version already.
- but don't worry it has a support even in Edge: