{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,18]],"date-time":"2026-03-18T10:45:53Z","timestamp":1773830753791,"version":"3.50.1"},"publisher-location":"Cham","reference-count":21,"publisher":"Springer International Publishing","isbn-type":[{"value":"9783319113784","type":"print"},{"value":"9783319113791","type":"electronic"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2014]]},"DOI":"10.1007\/978-3-319-11379-1_11","type":"book-chapter","created":{"date-parts":[[2014,8,19]],"date-time":"2014-08-19T23:14:54Z","timestamp":1408490094000},"page":"212-233","source":"Crossref","is-referenced-by-count":43,"title":["Why Is CSP Failing? Trends and Challenges in CSP Adoption"],"prefix":"10.1007","author":[{"given":"Michael","family":"Weissbacher","sequence":"first","affiliation":[]},{"given":"Tobias","family":"Lauinger","sequence":"additional","affiliation":[]},{"given":"William","family":"Robertson","sequence":"additional","affiliation":[]}],"member":"297","reference":[{"key":"11_CR1","unstructured":"DNS Prefetching - The Chromium Projects, \n                    \n                      http:\/\/www.chromium.org\/developers\/design-documents\/dns-prefetching"},{"key":"11_CR2","unstructured":"The Platform for Privacy Preferences 1.0 (P3P1.0) Specification (2002), \n                    \n                      http:\/\/www.w3.org\/TR\/P3P\/"},{"key":"11_CR3","unstructured":"IE8 Security Part IV: The XSS Filter (2008), \n                    \n                      http:\/\/blogs.msdn.com\/b\/ie\/archive\/2008\/07\/02\/ie8-security-part-iv-the-xss-filter.aspx"},{"key":"11_CR4","unstructured":"IE8 Security Part V: Comprehensive Protection (2008), \n                    \n                      http:\/\/blogs.msdn.com\/b\/ie\/archive\/2008\/07\/02\/ie8-security-part-v-comprehensive-protection.aspx"},{"key":"11_CR5","unstructured":"RFC 6797 - HTTP Strict Transport Security, HSTS (2012), \n                    \n                      http:\/\/tools.ietf.org\/html\/rfc6797"},{"key":"11_CR6","unstructured":"Content Security Policy 1.1 (2013), \n                    \n                      https:\/\/dvcs.w3.org\/hg\/content-security-policy\/raw-file\/tip\/csp-specification.dev.html"},{"key":"11_CR7","unstructured":"Cross-Origin Resource Sharing, W3C Candidate Recommendation (January 29, 2013), \n                    \n                      http:\/\/www.w3.org\/TR\/cors\/"},{"key":"11_CR8","unstructured":"Postcards from the post-XSS world (2013), \n                    \n                      http:\/\/lcamtuf.coredump.cx\/postxss\/"},{"key":"11_CR9","unstructured":"RFC 7034 - HTTP Header Field X-Frame-Options (2013), \n                    \n                      http:\/\/tools.ietf.org\/html\/rfc7034"},{"key":"11_CR10","doi-asserted-by":"crossref","unstructured":"Doup\u00e9, A., Cui, W., Jakubowski, M.H., Peinado, M., Kruegel, C., Vigna, G.: deDacota: Toward Preventing Server-Side XSS via Automatic Code and Data Separation. In: ACM Conference on Computer and Communications Security, CCS (2013)","DOI":"10.1145\/2508859.2516708"},{"key":"11_CR11","doi-asserted-by":"crossref","unstructured":"Jim, T., Swamy, N., Hicks, M.: Defeating Script Injection Attacks with Browser-Enforced Embedded Policies. In: International Conference on World Wide Web, WWW (2007)","DOI":"10.1145\/1242572.1242654"},{"key":"11_CR12","doi-asserted-by":"crossref","unstructured":"Meyerovich, L.A., Livshits, B.: ConScript: Specifying and enforcing fine-grained security policies for Javascript in the browser. In: IEEE Symposium on Security and Privacy, Oakland (2010)","DOI":"10.1109\/SP.2010.36"},{"key":"11_CR13","doi-asserted-by":"crossref","unstructured":"Nikiforakis, N., Invernizzi, L., Kapravelos, A., Van Acker, S., Joosen, W., Kruegel, C., Piessens, F., Vigna, G.: You Are What You Include: Large-scale Evaluation of Remote JavaScript Inclusions. In: ACM Conference on Computer and Communications Security, CCS (2012)","DOI":"10.1145\/2382196.2382274"},{"key":"11_CR14","unstructured":"Oda, T., Somayaji, A.: Enhancing Web Page Security with Security Style Sheets. Carleton University (2011)"},{"key":"11_CR15","doi-asserted-by":"crossref","unstructured":"Oda, T., Wurster, G., van Oorschot, P.C., Somayaji, A.: SOMA: Mutual Approval for Included Content in Web Pages. In: ACM Conference on Computer and Communications Security, CCS (2008)","DOI":"10.1145\/1455770.1455783"},{"key":"11_CR16","doi-asserted-by":"crossref","unstructured":"Olejnik, L., Tran, M.D., Castelluccia, C.: Selling Off Privacy at Auction. In: ISOC Network and Distributed System Security Symposium (NDSS) (2014)","DOI":"10.14722\/ndss.2014.23270"},{"key":"11_CR17","doi-asserted-by":"crossref","unstructured":"Samuel, M., Saxena, P., Song, D.: Context-Sensitive Auto-Sanitization in Web Templating Languages Using Type Qualifiers. In: ACM Conference on Computer and Communications Security, CCS (2011)","DOI":"10.1145\/2046707.2046775"},{"key":"11_CR18","unstructured":"Son, S., Shmatikov, V.: The Postman Always Rings Twice: Attacking and Defending postMessage in HTML5 Websites. In: ISOC Network and Distributed System Security Symposium, NDSS (2013)"},{"key":"11_CR19","doi-asserted-by":"crossref","unstructured":"Stamm, S., Sterne, B., Markham, G.: Reining in the Web with Content Security Policy. In: International Conference on World Wide Web, WWW (2010)","DOI":"10.1145\/1772690.1772784"},{"key":"11_CR20","doi-asserted-by":"crossref","unstructured":"Ter Louw, M., Venkatakrishnan, V.: BLUEPRINT: Robust Prevention of Cross-site Scripting Attacks for Existing Browsers. In: IEEE Symposium on Security and Privacy, Oakland (2009)","DOI":"10.1109\/SP.2009.33"},{"key":"11_CR21","unstructured":"Weinberger, J., Barth, A., Song, D.: Towards Client-side HTML Security Policies. In: Workshop on Hot Topics on Security, HotSec (2011)"}],"container-title":["Lecture Notes in Computer Science","Research in Attacks, Intrusions and Defenses"],"original-title":[],"link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-319-11379-1_11","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2019,5,27]],"date-time":"2019-05-27T12:34:59Z","timestamp":1558960499000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-319-11379-1_11"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2014]]},"ISBN":["9783319113784","9783319113791"],"references-count":21,"URL":"https:\/\/doi.org\/10.1007\/978-3-319-11379-1_11","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"value":"0302-9743","type":"print"},{"value":"1611-3349","type":"electronic"}],"subject":[],"published":{"date-parts":[[2014]]}}}