Content Security Policy

A Content Security Policy, defined in a W3C candidate recommendation, lets sites set security restrictions on access of objects within a page, to prevent risky cross-site activity. This has come under some criticism for its ability to block things users may want, such as bookmarklets.

Policies are linked via an HTTP header Content-Security-Policy (or its equivalent meta tag). They consist of a series of semicolon-separated directives.

Links

 * W3C spec
 * Bookmarklets are dead; we just don't know it yet