W3C Invites Implementations of Content Security Policy Level 2


The Web Application Security Working Group has published a Candidate Recommendation of Content Security Policy Level 2. This specification updates Content Security Policy, fine-tuning the existing policy options, and introducing a number of new mechanisms that site authors can use to mitigate the risk of content injection and related attacks. Major differences from Content Security Policy Level 1 may be found in Section 1.1 of the document.
With this publication, we move the earlier edition off the Recommendation Track to a Note (Content Security Policy 1.0) and invite implementers to share their experience with CSP Level 2. Learn more about the Security Activity.

Comments

Post a Comment

Popular posts from this blog

XML Signature Syntax and Processing Version 2.0 Note Published

23 July 2015 The  XML Security Working Group  has published a Group Note of  XML Signature Syntax and Processing Version 2.0 . This informative W3C Working Group Note describes XML digital signature processing rules and syntax. XML Signatures provide integrity, message authentication, and/or signer authentication services for data of any type, whether located within the XML that includes the signature or elsewhere. Learn more about the  Security Activity . Introduction: Mastering Digital Growth in 2025—From SEO to Social Media and AI In 2025, digital success isn’t just about having an online presence—it’s about strategically connecting the dots between SEO, web design, content creation, and social media. For small businesses and marketers alike, staying ahead means embracing the latest tools and trends that shape how we rank, engage, and grow online. Whether you're aiming to  win local search  with cutting-edge  SEO for Small Business in 2025: H...
Read more

Latest W3C Advancements in 2026: Shaping the Future of Web Data, Security, and AI

Image
As we dive into 2026, the World Wide Web Consortium (W3C) continues to push the boundaries of web standards, ensuring the internet remains open, secure, and innovative. January has already brought a flurry of exciting announcements, from enhancements in data validation to stronger authentication mechanisms, threat modeling for emerging technologies, and accelerated AI capabilities in browsers. In this detailed blog post, we'll explore four key W3C news items released this month, breaking down their technical details, implications for developers and users, and how they contribute to a more robust web ecosystem. These developments highlight W3C's commitment to addressing real-world challenges in data integrity, privacy, security, and machine learning. Whether you're a web developer, security expert, or AI enthusiast, these updates offer valuable insights into the evolving web landscape. Let's break them down one by one. 1. First Public Working Draft: SHACL 1.2 Node Expr...
Read more

Bing in 2026: Growing Market Share, Copilot Integration, and Why You Should Optimize for It Now

Image
As we kick off 2026, the search landscape continues to evolve beyond Google's dominance. While Google still commands the lion's share of queries, Microsoft Bing is quietly gaining ground—fueled by deep AI integrations, ecosystem advantages, and steady user adoption. Bing isn't just a "second search engine" anymore; it's becoming a strategic channel for visibility, especially in desktop, enterprise, gaming, and AI-driven searches. In this post, we'll break down Bing's current momentum, its powerful Copilot features, and practical reasons to start optimizing your site for Bing right now (before your competitors do). Bing's Market Share in 2026: Steady Growth Amid Shifting Trends Bing's global market share hovers around 4% as of late 2025/early 2026, with Google at approximately 90-91% (based on Statcounter data through December 2025). While that gap seems wide, Bing shows consistent upward trends: Desktop dominance : Bing captures 11-12% ...
Read more