contentsecuritypolicy2.json 5.2 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281
  1. {
  2. "title":"Content Security Policy Level 2",
  3. "description":"Mitigate cross-site scripting attacks by whitelisting allowed sources of script, style, and other resources. CSP 2 adds hash-source, nonce-source, and five new directives",
  4. "spec":"http://www.w3.org/TR/CSP/",
  5. "status":"cr",
  6. "links":[
  7. {
  8. "url":"http://html5rocks.com/en/tutorials/security/content-security-policy/",
  9. "title":"HTML5Rocks article"
  10. }
  11. ],
  12. "bugs":[
  13. ],
  14. "categories":[
  15. "Other"
  16. ],
  17. "stats":{
  18. "ie":{
  19. "5.5":"n",
  20. "6":"n",
  21. "7":"n",
  22. "8":"n",
  23. "9":"n",
  24. "10":"n",
  25. "11":"n"
  26. },
  27. "edge":{
  28. "12":"n",
  29. "13":"n",
  30. "14":"n"
  31. },
  32. "firefox":{
  33. "2":"n",
  34. "3":"n",
  35. "3.5":"n",
  36. "3.6":"n",
  37. "4":"n",
  38. "5":"n",
  39. "6":"n",
  40. "7":"n",
  41. "8":"n",
  42. "9":"n",
  43. "10":"n",
  44. "11":"n",
  45. "12":"n",
  46. "13":"n",
  47. "14":"n",
  48. "15":"n",
  49. "16":"n",
  50. "17":"n",
  51. "18":"n",
  52. "19":"n",
  53. "20":"n",
  54. "21":"n",
  55. "22":"n",
  56. "23":"n",
  57. "24":"n",
  58. "25":"n",
  59. "26":"n",
  60. "27":"n",
  61. "28":"n",
  62. "29":"n",
  63. "30":"n",
  64. "31":"a #1",
  65. "32":"a #1",
  66. "33":"a #1",
  67. "34":"a #1",
  68. "35":"a #2",
  69. "36":"a #3",
  70. "37":"a #3",
  71. "38":"a #3",
  72. "39":"a #3",
  73. "40":"a #3",
  74. "41":"a #3",
  75. "42":"a #3",
  76. "43":"a #3",
  77. "44":"a #3",
  78. "45":"a #7",
  79. "46":"a #7",
  80. "47":"a #7",
  81. "48":"a #7",
  82. "49":"a #7",
  83. "50":"a #7",
  84. "51":"a #7",
  85. "52":"a #7",
  86. "53":"a #7"
  87. },
  88. "chrome":{
  89. "4":"n",
  90. "5":"n",
  91. "6":"n",
  92. "7":"n",
  93. "8":"n",
  94. "9":"n",
  95. "10":"n",
  96. "11":"n",
  97. "12":"n",
  98. "13":"n",
  99. "14":"n",
  100. "15":"n",
  101. "16":"n",
  102. "17":"n",
  103. "18":"n",
  104. "19":"n",
  105. "20":"n",
  106. "21":"n",
  107. "22":"n",
  108. "23":"n",
  109. "24":"n",
  110. "25":"n",
  111. "26":"n",
  112. "27":"n",
  113. "28":"n",
  114. "29":"n",
  115. "30":"n",
  116. "31":"n",
  117. "32":"n",
  118. "33":"n",
  119. "34":"n",
  120. "35":"n",
  121. "36":"a #4",
  122. "37":"a #4",
  123. "38":"a #4",
  124. "39":"a #5",
  125. "40":"y",
  126. "41":"y",
  127. "42":"y",
  128. "43":"y",
  129. "44":"y",
  130. "45":"y",
  131. "46":"y",
  132. "47":"y",
  133. "48":"y",
  134. "49":"y",
  135. "50":"y",
  136. "51":"y",
  137. "52":"y",
  138. "53":"y",
  139. "54":"y",
  140. "55":"y",
  141. "56":"y",
  142. "57":"y"
  143. },
  144. "safari":{
  145. "3.1":"n",
  146. "3.2":"n",
  147. "4":"n",
  148. "5":"n",
  149. "5.1":"n",
  150. "6":"n",
  151. "6.1":"n",
  152. "7":"n",
  153. "7.1":"n",
  154. "8":"n",
  155. "9":"n",
  156. "9.1":"n",
  157. "10":"y",
  158. "TP":"y"
  159. },
  160. "opera":{
  161. "9":"n",
  162. "9.5-9.6":"n",
  163. "10.0-10.1":"n",
  164. "10.5":"n",
  165. "10.6":"n",
  166. "11":"n",
  167. "11.1":"n",
  168. "11.5":"n",
  169. "11.6":"n",
  170. "12":"n",
  171. "12.1":"n",
  172. "15":"n",
  173. "16":"n",
  174. "17":"n",
  175. "18":"n",
  176. "19":"n",
  177. "20":"n",
  178. "21":"n",
  179. "22":"n",
  180. "23":"a #4",
  181. "24":"a #4",
  182. "25":"a #4",
  183. "26":"a #5",
  184. "27":"y",
  185. "28":"y",
  186. "29":"y",
  187. "30":"y",
  188. "31":"y",
  189. "32":"y",
  190. "33":"y",
  191. "34":"y",
  192. "35":"y",
  193. "36":"y",
  194. "37":"y",
  195. "38":"y",
  196. "39":"y",
  197. "40":"y",
  198. "41":"y",
  199. "42":"y",
  200. "43":"y"
  201. },
  202. "ios_saf":{
  203. "3.2":"n",
  204. "4.0-4.1":"n",
  205. "4.2-4.3":"n",
  206. "5.0-5.1":"n",
  207. "6.0-6.1":"n",
  208. "7.0-7.1":"n",
  209. "8":"n",
  210. "8.1-8.4":"n",
  211. "9.0-9.2":"n",
  212. "9.3":"y",
  213. "10-10.1":"y"
  214. },
  215. "op_mini":{
  216. "all":"n"
  217. },
  218. "android":{
  219. "2.1":"n",
  220. "2.2":"n",
  221. "2.3":"n",
  222. "3":"n",
  223. "4":"n",
  224. "4.1":"n",
  225. "4.2-4.3":"n",
  226. "4.4":"n",
  227. "4.4.3-4.4.4":"n",
  228. "53":"y"
  229. },
  230. "bb":{
  231. "7":"n",
  232. "10":"n"
  233. },
  234. "op_mob":{
  235. "10":"n",
  236. "11":"n",
  237. "11.1":"n",
  238. "11.5":"n",
  239. "12":"n",
  240. "12.1":"n",
  241. "37":"y"
  242. },
  243. "and_chr":{
  244. "54":"y"
  245. },
  246. "and_ff":{
  247. "50":"a #6"
  248. },
  249. "ie_mob":{
  250. "10":"n",
  251. "11":"n"
  252. },
  253. "and_uc":{
  254. "11":"n"
  255. },
  256. "samsung":{
  257. "4":"y"
  258. }
  259. },
  260. "notes":"",
  261. "notes_by_num":{
  262. "1":"Firefox 31-34 is missing the plugin-types, child-src, frame-ancestors, base-uri, and form-action directives.",
  263. "2":"Firefox 35 is missing the plugin-types, child-src, frame-ancestors, and form-action directives.",
  264. "3":"Firefox 36-44 is missing the plugin-types and child-src directives.",
  265. "4":"Chrome 36-38 & Opera 23-25 are missing the plugin-types, child-src, frame-ancestors, base-uri, and form-action directives.",
  266. "5":"Chrome 39 and Opera 26 are missing the plugin-types, child-src, base-uri, and form-action directives.",
  267. "6":"Firefox 38 on Android is missing the child-src directive.",
  268. "7":"Firefox 45+ is missing the plugin-types directive."
  269. },
  270. "usage_perc_y":65.75,
  271. "usage_perc_a":6.75,
  272. "ucprefix":false,
  273. "parent":"",
  274. "keywords":"csp,header,nonce,hash",
  275. "ie_id":"contentsecuritypolicylevel2",
  276. "chrome_id":"4957003285790720",
  277. "firefox_id":"",
  278. "webkit_id":"",
  279. "shown":true
  280. }