CSP

A CSP (Content Security Policy) is used to detect and mitigate certain types of website-related attacks, such as cross-site scripting (XSS), clickjacking, and data injection.

The implementation is based on an HTTP header called Content-Security-Policy.

See also

  • Content Security Policy documentation
  • Content Security Policy on Wikipedia