{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,2,24]],"date-time":"2026-02-24T19:16:25Z","timestamp":1771960585124,"version":"3.50.1"},"publisher-location":"New York, NY, USA","reference-count":29,"publisher":"ACM","license":[{"start":{"date-parts":[[2016,10,24]],"date-time":"2016-10-24T00:00:00Z","timestamp":1477267200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2016,10,24]]},"DOI":"10.1145\/2976749.2978338","type":"proceedings-article","created":{"date-parts":[[2016,10,25]],"date-time":"2016-10-25T12:46:35Z","timestamp":1477399595000},"page":"1365-1375","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":42,"title":["Content Security Problems?"],"prefix":"10.1145","author":[{"given":"Stefano","family":"Calzavara","sequence":"first","affiliation":[{"name":"Universit\u00e0 Ca' Foscari, Venezia, Italy"}]},{"given":"Alvise","family":"Rabitti","sequence":"additional","affiliation":[{"name":"Universit\u00e0 Ca' Foscari, Venezia, Italy"}]},{"given":"Michele","family":"Bugliesi","sequence":"additional","affiliation":[{"name":"Universit\u00e0 Ca' Foscari, Venezia, Italy"}]}],"member":"320","published-online":{"date-parts":[[2016,10,24]]},"reference":[{"key":"e_1_3_2_1_1_1","unstructured":"Alexa top sites. http:\/\/www.alexa.com\/topsites.  Alexa top sites. http:\/\/www.alexa.com\/topsites."},{"key":"e_1_3_2_1_2_1","unstructured":"Content Security Policy 1.0. https:\/\/www.w3.org\/TR\/2012\/CR-CSP-20121115\/.  Content Security Policy 1.0. https:\/\/www.w3.org\/TR\/2012\/CR-CSP-20121115\/."},{"key":"e_1_3_2_1_3_1","unstructured":"Content Security Policy Level 2. https:\/\/www.w3.org\/TR\/CSP2\/.  Content Security Policy Level 2. https:\/\/www.w3.org\/TR\/CSP2\/."},{"key":"e_1_3_2_1_4_1","unstructured":"Content Security Policy Level 3. https:\/\/w3c.github.io\/webappsec-csp\/.  Content Security Policy Level 3. https:\/\/w3c.github.io\/webappsec-csp\/."},{"key":"e_1_3_2_1_5_1","unstructured":"Mixed content. https:\/\/www.w3.org\/TR\/mixed-content\/.  Mixed content. https:\/\/www.w3.org\/TR\/mixed-content\/."},{"key":"e_1_3_2_1_6_1","unstructured":"OWASP Top 10 Threats. https:\/\/www.owasp.org\/index.php\/Top_10_2013-Top_10.  OWASP Top 10 Threats. https:\/\/www.owasp.org\/index.php\/Top_10_2013-Top_10."},{"key":"e_1_3_2_1_7_1","unstructured":"Upgrade insecure requests. https:\/\/www.w3.org\/TR\/upgrade-insecure-requests\/.  Upgrade insecure requests. https:\/\/www.w3.org\/TR\/upgrade-insecure-requests\/."},{"key":"e_1_3_2_1_8_1","unstructured":"The web origin concept. https:\/\/tools.ietf.org\/html\/rfc6454.  The web origin concept. https:\/\/tools.ietf.org\/html\/rfc6454."},{"key":"e_1_3_2_1_9_1","doi-asserted-by":"publisher","DOI":"10.1145\/2754933"},{"key":"e_1_3_2_1_10_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-27659-5_25"},{"key":"e_1_3_2_1_11_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2011.12.004"},{"key":"e_1_3_2_1_12_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-20550-2_14"},{"key":"e_1_3_2_1_13_1","doi-asserted-by":"publisher","DOI":"10.1145\/2771783.2771789"},{"key":"e_1_3_2_1_14_1","doi-asserted-by":"publisher","DOI":"10.1145\/1242572.1242654"},{"key":"e_1_3_2_1_15_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.jisa.2014.03.007"},{"key":"e_1_3_2_1_16_1","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2015.23162"},{"key":"e_1_3_2_1_17_1","doi-asserted-by":"publisher","DOI":"10.1145\/2508859.2516703"},{"key":"e_1_3_2_1_18_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2009.33"},{"key":"e_1_3_2_1_19_1","volume-title":"NDSS","author":"Nadji Yacin","year":"2009","unstructured":"Yacin Nadji , Prateek Saxena , and Dawn Song . Document structure integrity: A robust basis for cross-site scripting defense . In NDSS , 2009 . Yacin Nadji, Prateek Saxena, and Dawn Song. Document structure integrity: A robust basis for cross-site scripting defense. In NDSS, 2009."},{"key":"e_1_3_2_1_20_1","doi-asserted-by":"publisher","DOI":"10.1145\/2382196.2382274"},{"issue":"2","key":"e_1_3_2_1_21_1","first-page":"383","article-title":"A measurement study of the Content Security Policy on real-world applications","volume":"18","author":"Patil Kailas","year":"2016","unstructured":"Kailas Patil and Braun Frederik . A measurement study of the Content Security Policy on real-world applications . I. J. Network Security , 18 ( 2 ): 383 -- 392 , 2016 . Kailas Patil and Braun Frederik. A measurement study of the Content Security Policy on real-world applications. I. J. Network Security, 18(2):383--392, 2016.","journal-title":"I. J. Network Security"},{"key":"e_1_3_2_1_22_1","volume-title":"W2SP","author":"Rydstedt Gustav","year":"2010","unstructured":"Gustav Rydstedt , Elie Bursztein , Dan Boneh , and Collin Jackson . Busting frame busting: a study of clickjacking vulnerabilities at popular sites . In W2SP , 2010 . Gustav Rydstedt, Elie Bursztein, Dan Boneh, and Collin Jackson. Busting frame busting: a study of clickjacking vulnerabilities at popular sites. In W2SP, 2010."},{"key":"e_1_3_2_1_23_1","doi-asserted-by":"publisher","DOI":"10.1145\/1772690.1772784"},{"key":"e_1_3_2_1_24_1","doi-asserted-by":"publisher","DOI":"10.1145\/2897845.2897899"},{"key":"e_1_3_2_1_25_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-08593-7_8"},{"key":"e_1_3_2_1_26_1","volume-title":"HotSec","author":"Weinberger Joel","year":"2011","unstructured":"Joel Weinberger , Adam Barth , and Dawn Song . Towards client-side HTML security policies . In HotSec , 2011 . Joel Weinberger, Adam Barth, and Dawn Song. Towards client-side HTML security policies. In HotSec, 2011."},{"key":"e_1_3_2_1_27_1","doi-asserted-by":"publisher","DOI":"10.5555\/2041225.2041237"},{"key":"e_1_3_2_1_28_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-11379-1_11"},{"key":"e_1_3_2_1_29_1","unstructured":"Mike West. An introduction to Content Security Policy. http:\/\/www.html5rocks.com\/en\/tutorials\/security\/content-security-policy\/.  Mike West. An introduction to Content Security Policy. http:\/\/www.html5rocks.com\/en\/tutorials\/security\/content-security-policy\/."}],"event":{"name":"CCS'16: 2016 ACM SIGSAC Conference on Computer and Communications Security","location":"Vienna Austria","acronym":"CCS'16","sponsor":["SIGSAC ACM Special Interest Group on Security, Audit, and Control"]},"container-title":["Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/2976749.2978338","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/2976749.2978338","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,18]],"date-time":"2025-06-18T04:56:17Z","timestamp":1750222577000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/2976749.2978338"}},"subtitle":["Evaluating the Effectiveness of Content Security Policy in the Wild"],"short-title":[],"issued":{"date-parts":[[2016,10,24]]},"references-count":29,"alternative-id":["10.1145\/2976749.2978338","10.1145\/2976749"],"URL":"https:\/\/doi.org\/10.1145\/2976749.2978338","relation":{},"subject":[],"published":{"date-parts":[[2016,10,24]]},"assertion":[{"value":"2016-10-24","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}