content_security_policy

Safe to Use

content_security_policy is not safe to use.

It’s supported by 54% of global browsers.

Browsers

ChromeDec 11, 2008v1.0.0

26%╱100%

SafariSep 16, 2020v14.0.0

5%╱93%

EdgeUnknownv1.0.0

5%╱100%

FirefoxAug 2, 2016v48.0.0

3%╱100%

Version Breakdown

Agent

Support

Adoption

Chrome

Dec 11, 2008 v1.0.0

26%╱100%

Dec 11, 2008 – Latest

v1.0.0+

26%╱100%

Full Support

Until Chrome 110, the object-src directive was required with a secure source. From Chrome 111, the object-src directive is optional.

Edge

Unknown v1.0.0

5%╱100%

Unknown

v1.0.0+

5%╱100%

Full Support

Until Edge 110, the object-src directive was required with a secure source. From Edge 111, the object-src directive is optional.

Firefox

Aug 2, 2016 v48.0.0

3%╱100%

Aug 2, 2016 – Latest

v48.0.0+

3%╱100%

Full Support

Firefox does not support 'http://127.0.0.1' or 'http://localhost' as script sources: they must be served over HTTPS.

Until Firefox 105, the object-src directive was required with a secure source. From Firefox 106, the object-src directive is optional.

Firefox for Android

Unsupported

No Support

Opera

Unknown v1.0.0

1%╱100%

Unknown

v1.0.0+

1%╱100%

Full Support

Until Opera 96, the object-src directive was required with a secure source. From Opera 97, the object-src directive is optional.

Safari

Sep 16, 2020 v14.0.0

5%╱93%

Sep 16, 2020 – Latest

v14.0.0+

5%╱93%

Full Support

There is no requirement to include the object-src directive.

Safari on iOS

Sep 20, 2021 v15.0.0

15%╱93%

Sep 20, 2021 – Latest

v15.0.0+

15%╱93%

Full Support

There is no requirement to include the object-src directive.

content_security_policy

Safe to Use

Browsers

Version Breakdown

Contribute