Content-Security-Policy is the name of an HTTP response header that current browsers utilize to improve document security (or web page). The Content-Security-Policy header allows you to control how the browser loads resources such as JavaScript, CSS, and pretty much anything else.
Although it is most commonly used as an HTTP response header, it may also be used as a meta tag.
Impact
There is no direct impact on your website if CSP is not implemented. However, if your website is exposed to a Cross-site Scripting attack, CSP can prevent the vulnerability from being successfully exploited. You will lose this extra layer of protection if you do not implement CSP.
Browser Support for CSP
Chrome
Content-Security-Policy CSP Level 3 – Chrome 59+ Partial SupportContent-Security-Policy CSP Level 2 – Chrome 40+ Full Support Since January 2015Content-Security-Policy CSP 1.0 – Chrome 25+X-Webkit-CSP Deprecated – Chrome 14-24
Firefox
Content-Security-Policy CSP Level 3 – Firefox 58+ Partial SupportContent-Security-Policy CSP Level 2 – Firefox 31+ Partial Support since July 2014Content-Security-Policy CSP 1.0 – Firefox 23+ Full SupportX-Content-Security-Policy Deprecated – Firefox 4-22
Safari
Content-Security-Policy CSP Level 3 – Safari 15.4+ Partial SupportContent-Security-Policy CSP Level 2 – Safari 10+Content-Security-Policy CSP 1.0 – Safari 7+X-Webkit-CSP Deprecated – Safari 6
Edge
Content-Security-Policy CSP Level 3 – Edge 79+ Partial SupportContent-Security-Policy CSP Level 2 – Edge 15+ Partial, 76+ FullContent-Security-Policy CSP 1.0 – Edge 12+
Internet Explorer
X-Content-Security-Policy Deprecated – IE 10-11 support sandbox only
for more information please refer to the link
ZOFixer.com security scan helps to find this vulnerability in your software and server, you can easily use it by registering on our website and activating the 30-day trial.