CINXE.COM

<!doctype html><html lang="en-US" prefix="og: https://ogp.me/ns#"><head><meta charSet="utf-8"/><meta name="viewport" content="width=device-width,initial-scale=1"/><link rel="icon" href="https://developer.mozilla.org/favicon-48x48.bc390275e955dacb2e65.png"/><link rel="apple-touch-icon" href="https://developer.mozilla.org/apple-touch-icon.528534bba673c38049c2.png"/><meta name="theme-color" content="#ffffff"/><link rel="manifest" href="https://developer.mozilla.org/manifest.f42880861b394dd4dc9b.json"/><link rel="search" type="application/opensearchdescription+xml" href="/opensearch.xml" title="MDN Web Docs"/><title>content_security_policy - Mozilla | MDN</title><link rel="alternate" title="content_security_policy" href="https://developer.mozilla.org/en-US/docs/Mozilla/Add-ons/WebExtensions/manifest.json/content_security_policy" hrefLang="en"/><link rel="alternate" title="content_security_policy" href="https://developer.mozilla.org/fr/docs/Mozilla/Add-ons/WebExtensions/manifest.json/content_security_policy" hrefLang="fr"/><link rel="alternate" title="content_security_policy" href="https://developer.mozilla.org/ja/docs/Mozilla/Add-ons/WebExtensions/manifest.json/content_security_policy" hrefLang="ja"/><link rel="alternate" title="content_security_policy" href="https://developer.mozilla.org/ru/docs/Mozilla/Add-ons/WebExtensions/manifest.json/content_security_policy" hrefLang="ru"/><link rel="alternate" title="content_security_policy" href="https://developer.mozilla.org/de/docs/Mozilla/Add-ons/WebExtensions/manifest.json/content_security_policy" hrefLang="de"/><link rel="preload" as="font" type="font/woff2" href="/static/media/Inter.var.c2fe3cb2b7c746f7966a.woff2" crossorigin=""/><link rel="alternate" type="application/rss+xml" title="MDN Blog RSS Feed" href="https://developer.mozilla.org/en-US/blog/rss.xml" hrefLang="en"/><meta name="description" content="Erweiterungen haben standardmäßig eine Content Security Policy (CSP), die auf sie angewendet wird. Die Standardrichtlinie beschränkt die Quellen, von denen Erweiterungen Code laden können (wie z.B. <script>-Ressourcen), und verbietet potenziell unsichere Praktiken wie die Verwendung von eval(). Weitere Informationen zu den Auswirkungen finden Sie unter Standard-Content-Sicherheitsrichtlinie."/><meta property="og:url" content="https://developer.mozilla.org/de/docs/Mozilla/Add-ons/WebExtensions/manifest.json/content_security_policy"/><meta property="og:title" content="content_security_policy - Mozilla | MDN"/><meta property="og:type" content="website"/><meta property="og:locale" content="de"/><meta property="og:description" content="Erweiterungen haben standardmäßig eine Content Security Policy (CSP), die auf sie angewendet wird. Die Standardrichtlinie beschränkt die Quellen, von denen Erweiterungen Code laden können (wie z.B. <script>-Ressourcen), und verbietet potenziell unsichere Praktiken wie die Verwendung von eval(). Weitere Informationen zu den Auswirkungen finden Sie unter Standard-Content-Sicherheitsrichtlinie."/><meta property="og:image" content="https://developer.mozilla.org/mdn-social-share.d893525a4fb5fb1f67a2.png"/><meta property="og:image:type" content="image/png"/><meta property="og:image:height" content="1080"/><meta property="og:image:width" content="1920"/><meta property="og:image:alt" content="The MDN Web Docs logo, featuring a blue accent color, displayed on a solid black background."/><meta property="og:site_name" content="MDN Web Docs"/><meta name="twitter:card" content="summary_large_image"/><meta name="twitter:creator" content="MozDevNet"/><link rel="canonical" href="https://developer.mozilla.org/de/docs/Mozilla/Add-ons/WebExtensions/manifest.json/content_security_policy"/><style media="print">.article-actions-container,.document-toc-container,.language-menu,.main-menu-toggle,.on-github,.page-footer,.place,.sidebar,.top-banner,.top-navigation-main,ul.prev-next{display:none!important}.main-page-content,.main-page-content pre{padding:2px}.main-page-content pre{border-left-width:2px}</style><script src="/static/js/gtag.js" defer=""></script><script defer="" src="/static/js/main.f565372a.js"></script><link href="/static/css/main.3d9e7a02.css" rel="stylesheet"/></head><body><script>if(document.body.addEventListener("load",(t=>{t.target.classList.contains("interactive")&&t.target.setAttribute("data-readystate","complete")}),{capture:!0}),window&&document.documentElement){const t={light:"#ffffff",dark:"#1b1b1b"};try{const e=window.localStorage.getItem("theme");e&&(document.documentElement.className=e,document.documentElement.style.backgroundColor=t[e]);const o=window.localStorage.getItem("nop");o&&(document.documentElement.dataset.nop=o)}catch(t){console.warn("Unable to read theme from localStorage",t)}}</script><div id="root"><ul id="nav-access" class="a11y-nav"><li><a id="skip-main" href="#content">Skip to main content</a></li><li><a id="skip-search" href="#top-nav-search-input">Skip to search</a></li><li><a id="skip-select-language" href="#languages-switcher-button">Skip to select language</a></li></ul><div class="page-wrapper document-page"><div class="top-banner loading"><section class="place top container"></section></div><div class="sticky-header-container"><header class="top-navigation "><div class="container "><div class="top-navigation-wrap"><a href="/de/" class="logo" aria-label="MDN homepage"><svg id="mdn-docs-logo" xmlns="http://www.w3.org/2000/svg" x="0" y="0" viewBox="0 0 694.9 104.4" style="enable-background:new 0 0 694.9 104.4" xml:space="preserve" role="img"><title>MDN Web Docs</title><path d="M40.3 0 11.7 92.1H0L28.5 0h11.8zm10.4 0v92.1H40.3V0h10.4zM91 0 62.5 92.1H50.8L79.3 0H91zm10.4 0v92.1H91V0h10.4z" class="logo-m"></path><path d="M627.9 95.6h67v8.8h-67v-8.8z" class="logo-_"></path><path d="M367 42h-4l-10.7 30.8h-5.5l-10.8-26h-.4l-10.5 26h-5.2L308.7 42h-3.8v-5.6H323V42h-6.5l6.8 20.4h.4l10.3-26h4.7l11.2 26h.5l5.7-20.3h-6.2v-5.6H367V42zm34.9 20c-.4 3.2-2 5.9-4.7 8.2-2.8 2.3-6.5 3.4-11.3 3.4-5.4 0-9.7-1.6-13.1-4.7-3.3-3.2-5-7.7-5-13.7 0-5.7 1.6-10.3 4.7-14s7.4-5.5 12.9-5.5c5.1 0 9.1 1.6 11.9 4.7s4.3 6.9 4.3 11.3c0 1.5-.2 3-.5 4.7h-25.6c.3 7.7 4 11.6 10.9 11.6 2.9 0 5.1-.7 6.5-2 1.5-1.4 2.5-3 3-4.9l6 .9zM394 51.3c.2-2.4-.4-4.7-1.8-6.9s-3.8-3.3-7-3.3c-3.1 0-5.3 1-6.9 3-1.5 2-2.5 4.4-2.8 7.2H394zm51 2.4c0 5-1.3 9.5-4 13.7s-6.9 6.2-12.7 6.2c-6 0-10.3-2.2-12.7-6.7-.1.4-.2 1.4-.4 2.9s-.3 2.5-.4 2.9h-7.3c.3-1.7.6-3.5.8-5.3.3-1.8.4-3.7.4-5.5V22.3h-6v-5.6H416v27c1.1-2.2 2.7-4.1 4.7-5.7 2-1.6 4.8-2.4 8.4-2.4 4.6 0 8.4 1.6 11.4 4.7 3 3.2 4.5 7.6 4.5 13.4zm-7.7.6c0-4.2-1-7.4-3-9.5-2-2.2-4.4-3.3-7.4-3.3-3.4 0-6 1.2-8 3.7-1.9 2.4-2.9 5-3 7.7V57c0 3 1 5.6 3 7.7s4.5 3.1 7.6 3.1c3.6 0 6.3-1.3 8.1-3.9 1.8-2.7 2.7-5.9 2.7-9.6zm69.2 18.5h-13.2v-7.2c-1.2 2.2-2.8 4.1-4.9 5.6-2.1 1.6-4.8 2.4-8.3 2.4-4.8 0-8.7-1.6-11.6-4.9-2.9-3.2-4.3-7.7-4.3-13.3 0-5 1.3-9.6 4-13.7 2.6-4.1 6.9-6.2 12.8-6.2 5.7 0 9.8 2.2 12.3 6.5V22.3h-8.6v-5.6h15.8v50.6h6v5.5zM493.2 56v-4.4c-.1-3-1.2-5.5-3.2-7.3s-4.4-2.8-7.2-2.8c-3.6 0-6.3 1.3-8.2 3.9-1.9 2.6-2.8 5.8-2.8 9.6 0 4.1 1 7.3 3 9.5s4.5 3.3 7.4 3.3c3.2 0 5.8-1.3 7.8-3.8 2.1-2.6 3.1-5.3 3.2-8zm53.1-1.4c0 5.6-1.8 10.2-5.3 13.7s-8.2 5.3-13.9 5.3-10.1-1.7-13.4-5.1c-3.3-3.4-5-7.9-5-13.5 0-5.3 1.6-9.9 4.7-13.7 3.2-3.8 7.9-5.7 14.2-5.7s11 1.9 14.1 5.7c3 3.7 4.6 8.1 4.6 13.3zm-7.7-.2c0-4-1-7.2-3-9.5s-4.8-3.5-8.2-3.5c-3.6 0-6.4 1.2-8.3 3.7s-2.9 5.6-2.9 9.5c0 3.7.9 6.8 2.8 9.4 1.9 2.6 4.6 3.9 8.3 3.9 3.6 0 6.4-1.3 8.4-3.8 1.9-2.6 2.9-5.8 2.9-9.7zm45 5.8c-.4 3.2-1.9 6.3-4.4 9.1-2.5 2.9-6.4 4.3-11.8 4.3-5.2 0-9.4-1.6-12.6-4.8-3.2-3.2-4.8-7.7-4.8-13.7 0-5.5 1.6-10.1 4.7-13.9 3.2-3.8 7.6-5.7 13.2-5.7 2.3 0 4.6.3 6.7.8 2.2.5 4.2 1.5 6.2 2.9l1.5 9.5-5.9.7-1.3-6.1c-2.1-1.2-4.5-1.8-7.2-1.8-3.5 0-6.1 1.2-7.7 3.7-1.7 2.5-2.5 5.7-2.5 9.6 0 4.1.9 7.3 2.7 9.5 1.8 2.3 4.4 3.4 7.8 3.4 5.2 0 8.2-2.9 9.2-8.8l6.2 1.3zm34.7 1.9c0 3.6-1.5 6.5-4.6 8.5s-7 3-11.7 3c-5.7 0-10.6-1.2-14.6-3.6l1.2-8.8 5.7.6-.2 4.7c1.1.5 2.3.9 3.6 1.1s2.6.3 3.9.3c2.4 0 4.5-.4 6.5-1.3 1.9-.9 2.9-2.2 2.9-4.1 0-1.8-.8-3.1-2.3-3.8s-3.5-1.3-5.8-1.7-4.6-.9-6.9-1.4c-2.3-.6-4.2-1.6-5.7-2.9-1.6-1.4-2.3-3.5-2.3-6.3 0-4.1 1.5-6.9 4.6-8.5s6.4-2.4 9.9-2.4c2.6 0 5 .3 7.2.9 2.2.6 4.3 1.4 6.1 2.4l.8 8.8-5.8.7-.8-5.7c-2.3-1-4.7-1.6-7.2-1.6-2.1 0-3.7.4-5.1 1.1-1.3.8-2 2-2 3.8 0 1.7.8 2.9 2.3 3.6 1.5.7 3.4 1.2 5.7 1.6 2.2.4 4.5.8 6.7 1.4 2.2.6 4.1 1.6 5.7 3 1.4 1.6 2.2 3.7 2.2 6.6zM197.6 73.2h-17.1v-5.5h3.8V51.9c0-3.7-.7-6.3-2.1-7.9-1.4-1.6-3.3-2.3-5.7-2.3-3.2 0-5.6 1.1-7.2 3.4s-2.4 4.6-2.5 6.9v15.6h6v5.5h-17.1v-5.5h3.8V51.9c0-3.8-.7-6.4-2.1-7.9-1.4-1.5-3.3-2.3-5.6-2.3-3.2 0-5.5 1.1-7.2 3.3-1.6 2.2-2.4 4.5-2.5 6.9v15.8h6.9v5.5h-20.2v-5.5h6V42.4h-6.1v-5.6h13.4v6.4c1.2-2.1 2.7-3.8 4.7-5.2 2-1.3 4.4-2 7.3-2s5.3.7 7.5 2.1c2.2 1.4 3.7 3.5 4.5 6.4 1.1-2.5 2.7-4.5 4.9-6.1s4.8-2.4 7.9-2.4c3.5 0 6.5 1.1 8.9 3.3s3.7 5.6 3.7 10.2v18.2h6.1v5.5zm42.5 0h-13.2V66c-1.2 2.2-2.8 4.1-4.9 5.6-2.1 1.6-4.8 2.4-8.3 2.4-4.8 0-8.7-1.6-11.6-4.9-2.9-3.2-4.3-7.7-4.3-13.3 0-5 1.3-9.6 4-13.7 2.6-4.1 6.9-6.2 12.8-6.2s9.8 2.2 12.3 6.5V22.7h-8.6v-5.6h15.8v50.6h6v5.5zm-13.3-16.8V52c-.1-3-1.2-5.5-3.2-7.3s-4.4-2.8-7.2-2.8c-3.6 0-6.3 1.3-8.2 3.9-1.9 2.6-2.8 5.8-2.8 9.6 0 4.1 1 7.3 3 9.5s4.5 3.3 7.4 3.3c3.2 0 5.8-1.3 7.8-3.8 2.1-2.6 3.1-5.3 3.2-8zm61.5 16.8H269v-5.5h6V51.9c0-3.7-.7-6.3-2.2-7.9-1.4-1.6-3.4-2.3-5.7-2.3-3.1 0-5.6 1-7.4 3s-2.8 4.4-2.9 7v15.9h6v5.5h-19.3v-5.5h6V42.4h-6.2v-5.6h13.6V43c2.6-4.6 6.8-6.9 12.7-6.9 3.6 0 6.7 1.1 9.2 3.3s3.7 5.6 3.7 10.2v18.2h6v5.4h-.2z" class="logo-text"></path></svg></a><button title="Open main menu" type="button" class="button action has-icon main-menu-toggle" aria-haspopup="menu" aria-label="Open main menu" aria-expanded="false"><span class="button-wrap"><span class="icon icon-menu "></span><span class="visually-hidden">Open main menu</span></span></button></div><div class="top-navigation-main"><nav class="main-nav" aria-label="Main menu"><ul class="main-menu nojs"><li class="top-level-entry-container "><button type="button" id="references-button" class="top-level-entry menu-toggle" aria-controls="references-menu" aria-expanded="false">References</button><a href="/de/docs/Web" class="top-level-entry">References</a><ul id="references-menu" class="submenu references hidden inline-submenu-lg" aria-labelledby="references-button"><li class="apis-link-container mobile-only "><a href="/de/docs/Web" class="submenu-item "><div class="submenu-icon"></div><div class="submenu-content-container"><div class="submenu-item-heading">Overview / Web Technology</div><p class="submenu-item-description">Web technology reference for developers</p></div></a></li><li class="html-link-container "><a href="/de/docs/Web/HTML" class="submenu-item "><div class="submenu-icon html"></div><div class="submenu-content-container"><div class="submenu-item-heading">HTML</div><p class="submenu-item-description">Structure of content on the web</p></div></a></li><li class="css-link-container "><a href="/de/docs/Web/CSS" class="submenu-item "><div class="submenu-icon css"></div><div class="submenu-content-container"><div class="submenu-item-heading">CSS</div><p class="submenu-item-description">Code used to describe document style</p></div></a></li><li class="javascript-link-container "><a href="/de/docs/Web/JavaScript" class="submenu-item "><div class="submenu-icon javascript"></div><div class="submenu-content-container"><div class="submenu-item-heading">JavaScript</div><p class="submenu-item-description">General-purpose scripting language</p></div></a></li><li class="http-link-container "><a href="/de/docs/Web/HTTP" class="submenu-item "><div class="submenu-icon http"></div><div class="submenu-content-container"><div class="submenu-item-heading">HTTP</div><p class="submenu-item-description">Protocol for transmitting web resources</p></div></a></li><li class="apis-link-container "><a href="/de/docs/Web/API" class="submenu-item "><div class="submenu-icon apis"></div><div class="submenu-content-container"><div class="submenu-item-heading">Web APIs</div><p class="submenu-item-description">Interfaces for building web applications</p></div></a></li><li class="apis-link-container "><a href="/de/docs/Mozilla/Add-ons/WebExtensions" class="submenu-item "><div class="submenu-icon"></div><div class="submenu-content-container"><div class="submenu-item-heading">Web Extensions</div><p class="submenu-item-description">Developing extensions for web browsers</p></div></a></li><li class=" "><a href="/de/docs/Web/Accessibility" class="submenu-item "><div class="submenu-icon"></div><div class="submenu-content-container"><div class="submenu-item-heading">Accessibility</div><p class="submenu-item-description">Build web projects usable for all</p></div></a></li><li class="apis-link-container desktop-only "><a href="/de/docs/Web" class="submenu-item "><div class="submenu-icon"></div><div class="submenu-content-container"><div class="submenu-item-heading">Web Technology</div><p class="submenu-item-description">Web technology reference for developers</p></div></a></li></ul></li><li class="top-level-entry-container "><button type="button" id="learn-button" class="top-level-entry menu-toggle" aria-controls="learn-menu" aria-expanded="false">Learn</button><a href="/de/docs/Learn_web_development" class="top-level-entry">Learn</a><ul id="learn-menu" class="submenu learn hidden inline-submenu-lg" aria-labelledby="learn-button"><li class="apis-link-container mobile-only "><a href="/de/docs/Learn_web_development" class="submenu-item "><div class="submenu-icon learn"></div><div class="submenu-content-container"><div class="submenu-item-heading">Overview / MDN Learning Area</div><p class="submenu-item-description">Learn web development</p></div></a></li><li class="apis-link-container desktop-only "><a href="/de/docs/Learn_web_development" class="submenu-item "><div class="submenu-icon learn"></div><div class="submenu-content-container"><div class="submenu-item-heading">MDN Learning Area</div><p class="submenu-item-description">Learn web development</p></div></a></li><li class="html-link-container "><a href="/de/docs/Learn_web_development/Core/Structuring_content" class="submenu-item "><div class="submenu-icon html"></div><div class="submenu-content-container"><div class="submenu-item-heading">HTML</div><p class="submenu-item-description">Learn to structure web content with HTML</p></div></a></li><li class="css-link-container "><a href="/de/docs/Learn_web_development/Core/Styling_basics" class="submenu-item "><div class="submenu-icon css"></div><div class="submenu-content-container"><div class="submenu-item-heading">CSS</div><p class="submenu-item-description">Learn to style content using CSS</p></div></a></li><li class="javascript-link-container "><a href="/de/docs/Learn_web_development/Core/Scripting" class="submenu-item "><div class="submenu-icon javascript"></div><div class="submenu-content-container"><div class="submenu-item-heading">JavaScript</div><p class="submenu-item-description">Learn to run scripts in the browser</p></div></a></li><li class=" "><a href="/de/docs/Learn_web_development/Core/Accessibility" class="submenu-item "><div class="submenu-icon"></div><div class="submenu-content-container"><div class="submenu-item-heading">Accessibility</div><p class="submenu-item-description">Learn to make the web accessible to all</p></div></a></li></ul></li><li class="top-level-entry-container "><button type="button" id="mdn-plus-button" class="top-level-entry menu-toggle" aria-controls="mdn-plus-menu" aria-expanded="false">Plus</button><a href="/de/plus" class="top-level-entry">Plus</a><ul id="mdn-plus-menu" class="submenu mdn-plus hidden inline-submenu-lg" aria-labelledby="mdn-plus-button"><li class=" "><a href="/de/plus" class="submenu-item "><div class="submenu-icon"></div><div class="submenu-content-container"><div class="submenu-item-heading">Overview</div><p class="submenu-item-description">A customized MDN experience</p></div></a></li><li class=" "><a href="/de/plus/ai-help" class="submenu-item "><div class="submenu-icon"></div><div class="submenu-content-container"><div class="submenu-item-heading">AI Help</div><p class="submenu-item-description">Get real-time assistance and support</p></div></a></li><li class=" "><a href="/de/plus/updates" class="submenu-item "><div class="submenu-icon"></div><div class="submenu-content-container"><div class="submenu-item-heading">Updates</div><p class="submenu-item-description">All browser compatibility updates at a glance</p></div></a></li><li class=" "><a href="/en-US/plus/docs/features/overview" class="submenu-item "><div class="submenu-icon"></div><div class="submenu-content-container"><div class="submenu-item-heading">Documentation</div><p class="submenu-item-description">Learn how to use MDN Plus</p></div></a></li><li class=" "><a href="/en-US/plus/docs/faq" class="submenu-item "><div class="submenu-icon"></div><div class="submenu-content-container"><div class="submenu-item-heading">FAQ</div><p class="submenu-item-description">Frequently asked questions about MDN Plus</p></div></a></li></ul></li><li class="top-level-entry-container "><a class="top-level-entry menu-link" href="/en-US/curriculum/">Curriculum <sup class="new">New</sup></a></li><li class="top-level-entry-container "><a class="top-level-entry menu-link" href="/en-US/blog/">Blog</a></li><li class="top-level-entry-container "><button type="button" id="tools-button" class="top-level-entry menu-toggle" aria-controls="tools-menu" aria-expanded="false">Tools</button><ul id="tools-menu" class="submenu tools hidden inline-submenu-lg" aria-labelledby="tools-button"><li class=" "><a href="/de/play" class="submenu-item "><div class="submenu-icon"></div><div class="submenu-content-container"><div class="submenu-item-heading">Playground</div><p class="submenu-item-description">Write, test and share your code</p></div></a></li><li class=" "><a href="/en-US/observatory" class="submenu-item "><div class="submenu-icon"></div><div class="submenu-content-container"><div class="submenu-item-heading">HTTP Observatory</div><p class="submenu-item-description">Scan a website for free</p></div></a></li><li class=" "><a href="/en-US/plus/ai-help" class="submenu-item "><div class="submenu-icon"></div><div class="submenu-content-container"><div class="submenu-item-heading">AI Help</div><p class="submenu-item-description">Get real-time assistance and support</p></div></a></li></ul></li></ul></nav><div class="header-search"><form action="/de/search" class="search-form search-widget" id="top-nav-search-form" role="search"><label id="top-nav-search-label" for="top-nav-search-input" class="visually-hidden">Search MDN</label><input aria-activedescendant="" aria-autocomplete="list" aria-controls="top-nav-search-menu" aria-expanded="false" aria-labelledby="top-nav-search-label" autoComplete="off" id="top-nav-search-input" role="combobox" type="search" class="search-input-field" name="q" placeholder=" " required="" value=""/><button type="button" class="button action has-icon clear-search-button"><span class="button-wrap"><span class="icon icon-cancel "></span><span class="visually-hidden">Clear search input</span></span></button><button type="submit" class="button action has-icon search-button"><span class="button-wrap"><span class="icon icon-search "></span><span class="visually-hidden">Search</span></span></button><div id="top-nav-search-menu" role="listbox" aria-labelledby="top-nav-search-label"></div></form></div><div class="theme-switcher-menu"><button type="button" class="button action has-icon theme-switcher-menu small" aria-haspopup="menu"><span class="button-wrap"><span class="icon icon-theme-os-default "></span>Theme</span></button></div><ul class="auth-container"><li><a href="/users/fxa/login/authenticate/?next=%2Fde%2Fdocs%2FMozilla%2FAdd-ons%2FWebExtensions%2Fmanifest.json%2Fcontent_security_policy" class="login-link" rel="nofollow">Log in</a></li><li><a href="/users/fxa/login/authenticate/?next=%2Fde%2Fdocs%2FMozilla%2FAdd-ons%2FWebExtensions%2Fmanifest.json%2Fcontent_security_policy" target="_self" rel="nofollow" class="button primary mdn-plus-subscribe-link"><span class="button-wrap">Sign up for free</span></a></li></ul></div></div></header><div class="article-actions-container"><div class="container"><button type="button" class="button action has-icon sidebar-button" aria-label="Expand sidebar" aria-expanded="false" aria-controls="sidebar-quicklinks"><span class="button-wrap"><span class="icon icon-sidebar "></span></span></button><nav class="breadcrumbs-container" aria-label="Breadcrumb"><ol typeof="BreadcrumbList" vocab="https://schema.org/" aria-label="breadcrumbs"><li property="itemListElement" typeof="ListItem"><a href="/de/docs/Mozilla" class="breadcrumb" property="item" typeof="WebPage"><span property="name">Mozilla</span></a><meta property="position" content="1"/></li><li property="itemListElement" typeof="ListItem"><a href="/de/docs/Mozilla/Add-ons" class="breadcrumb" property="item" typeof="WebPage"><span property="name">Add-ons</span></a><meta property="position" content="2"/></li><li property="itemListElement" typeof="ListItem"><a href="/de/docs/Mozilla/Add-ons/WebExtensions" class="breadcrumb" property="item" typeof="WebPage"><span property="name">Browsererweiterungen</span></a><meta property="position" content="3"/></li><li property="itemListElement" typeof="ListItem"><a href="/de/docs/Mozilla/Add-ons/WebExtensions/manifest.json" class="breadcrumb" property="item" typeof="WebPage"><span property="name">manifest.json</span></a><meta property="position" content="4"/></li><li property="itemListElement" typeof="ListItem"><a href="/de/docs/Mozilla/Add-ons/WebExtensions/manifest.json/content_security_policy" class="breadcrumb-current-page" property="item" typeof="WebPage"><span property="name">content_security_policy</span></a><meta property="position" content="5"/></li></ol></nav><div class="article-actions"><button type="button" class="button action has-icon article-actions-toggle" aria-label="Article actions"><span class="button-wrap"><span class="icon icon-ellipses "></span><span class="article-actions-dialog-heading">Article Actions</span></span></button><ul class="article-actions-entries"><li class="article-actions-entry"><div class="languages-switcher-menu open-on-focus-within"><button id="languages-switcher-button" type="button" class="button action small has-icon languages-switcher-menu" aria-haspopup="menu"><span class="button-wrap"><span class="icon icon-language "></span>Deutsch<span title="Diese Übersetzung ist Teil eines Experiments."><span class="icon icon-experimental "></span></span></span></button><div class="hidden"><ul class="submenu language-menu " aria-labelledby="language-menu-button"><li class=" "><form class="submenu-item locale-redirect-setting"><div class="group"><label class="switch"><input type="checkbox" name="locale-redirect"/><span class="slider"></span><span class="label">Remember language</span></label><a href="https://github.com/orgs/mdn/discussions/739" rel="external noopener noreferrer" target="_blank" title="Enable this setting to automatically switch to this language when it's available. (Click to learn more.)"><span class="icon icon-question-mark "></span></a></div></form></li><li class=" "><a data-locale="en-US" href="/en-US/docs/Mozilla/Add-ons/WebExtensions/manifest.json/content_security_policy" class="button submenu-item"><span>English (US)</span></a></li><li class=" "><a data-locale="fr" href="/fr/docs/Mozilla/Add-ons/WebExtensions/manifest.json/content_security_policy" class="button submenu-item"><span>Français</span></a></li><li class=" "><a data-locale="ja" href="/ja/docs/Mozilla/Add-ons/WebExtensions/manifest.json/content_security_policy" class="button submenu-item"><span>日本語</span></a></li><li class=" "><a data-locale="ru" href="/ru/docs/Mozilla/Add-ons/WebExtensions/manifest.json/content_security_policy" class="button submenu-item"><span>Русский</span></a></li></ul></div></div></li></ul></div></div></div></div><div class="container"><div class="notecard experimental localized-content-note"><p><a href="https://github.com/orgs/mdn/discussions/741" class="external"><strong>Experiment</strong>: Dieser Inhalt wurde automatisch aus dem Englischen übersetzt, und kann Fehler enthalten.</a></p></div></div><div class="main-wrapper"><div class="sidebar-container"><aside id="sidebar-quicklinks" class="sidebar"><button type="button" class="button action backdrop" aria-label="Collapse sidebar"><span class="button-wrap"></span></button><nav aria-label="Related Topics" class="sidebar-inner"><header class="sidebar-actions"><section class="sidebar-filter-container"><div class="sidebar-filter "><label id="sidebar-filter-label" class="sidebar-filter-label" for="sidebar-filter-input"><span class="icon icon-filter"></span><span class="visually-hidden">Filter sidebar</span></label><input id="sidebar-filter-input" autoComplete="off" class="sidebar-filter-input-field false" type="text" placeholder="Filter" value=""/><button type="button" class="button action has-icon clear-sidebar-filter-button"><span class="button-wrap"><span class="icon icon-cancel "></span><span class="visually-hidden">Clear filter input</span></span></button></div></section></header><div class="sidebar-inner-nav"><div class="in-nav-toc"><div class="document-toc-container"><section class="document-toc"><header><h2 class="document-toc-heading">In diesem Artikel</h2></header><ul class="document-toc-list"><li class="document-toc-item "><a class="document-toc-link" href="#object-src-direktive">object-src-Direktive</a></li><li class="document-toc-item "><a class="document-toc-link" href="#manifest_v2-syntax">Manifest V2-Syntax</a></li><li class="document-toc-item "><a class="document-toc-link" href="#manifest_v3-syntax">Manifest V3-Syntax</a></li><li class="document-toc-item "><a class="document-toc-link" href="#beispiele">Beispiele</a></li><li class="document-toc-item "><a class="document-toc-link" href="#browser-kompatibilität">Browser-Kompatibilität</a></li></ul></section></div></div><div class="sidebar-body"><ol><li class="section"><a href="/de/docs/Mozilla/Add-ons/WebExtensions">Browsererweiterungen</a></li><li class="toggle"><details><summary>Erste Schritte</summary><ol><li><a href="/de/docs/Mozilla/Add-ons/WebExtensions/What_are_WebExtensions">Was sind Erweiterungen?</a></li><li><a href="/de/docs/Mozilla/Add-ons/WebExtensions/Your_first_WebExtension">Ihre erste Erweiterung</a></li><li><a href="/de/docs/Mozilla/Add-ons/WebExtensions/Your_second_WebExtension">Ihre zweite Erweiterung</a></li><li><a href="/de/docs/Mozilla/Add-ons/WebExtensions/Anatomy_of_a_WebExtension">Anatomie einer Erweiterung</a></li><li><a href="/de/docs/Mozilla/Add-ons/WebExtensions/Examples">Beispielerweiterungen</a></li><li><a href="/de/docs/Mozilla/Add-ons/WebExtensions/What_next">Was nun?</a></li></ol></details></li><li class="toggle"><details><summary>Konzepte</summary><ol><li><a href="/de/docs/Mozilla/Add-ons/WebExtensions/API">JavaScript-APIs</a></li><li><a href="/de/docs/Mozilla/Add-ons/WebExtensions/Content_scripts">Inhaltsskripte</a></li><li><a href="/de/docs/Mozilla/Add-ons/WebExtensions/Background_scripts">Hintergrundskripte</a></li><li><a href="/de/docs/Mozilla/Add-ons/WebExtensions/Match_patterns">Match patterns</a></li><li><a href="/de/docs/Mozilla/Add-ons/WebExtensions/Working_with_files">Arbeiten mit Dateien</a></li><li><a href="/de/docs/Mozilla/Add-ons/WebExtensions/Internationalization">Internationalisierung</a></li><li><a href="/de/docs/Mozilla/Add-ons/WebExtensions/Content_Security_Policy">Content Security Policy</a></li><li><a href="/de/docs/Mozilla/Add-ons/WebExtensions/Native_messaging">Native Messaging</a></li><li><a href="/de/docs/Mozilla/Add-ons/WebExtensions/Differences_between_API_implementations">Unterschiede zwischen API-Implementierungen</a></li><li><a href="/de/docs/Mozilla/Add-ons/WebExtensions/Chrome_incompatibilities">Chrome-Inkompatibilitäten</a></li></ol></details></li><li class="toggle"><details><summary>Benutzeroberfläche</summary><ol><li><a href="/de/docs/Mozilla/Add-ons/WebExtensions/user_interface">Benutzeroberfläche</a></li><li><a href="/de/docs/Mozilla/Add-ons/WebExtensions/user_interface/Toolbar_button">Toolbar-Button</a></li><li><a href="/de/docs/Mozilla/Add-ons/WebExtensions/user_interface/Page_actions">Adressleisten-Schaltfläche</a></li><li><a href="/de/docs/Mozilla/Add-ons/WebExtensions/user_interface/Sidebars">Seitenleisten</a></li><li><a href="/de/docs/Mozilla/Add-ons/WebExtensions/user_interface/Context_menu_items">Kontextmenüelemente</a></li><li><a href="/de/docs/Mozilla/Add-ons/WebExtensions/user_interface/Options_pages">Options page</a></li><li><a href="/de/docs/Mozilla/Add-ons/WebExtensions/user_interface/Extension_pages">Erweiterungsseiten</a></li><li><a href="/de/docs/Mozilla/Add-ons/WebExtensions/user_interface/Notifications">Notifications</a></li><li><a href="/de/docs/Mozilla/Add-ons/WebExtensions/user_interface/Omnibox">Address bar suggestions</a></li><li><a href="/de/docs/Mozilla/Add-ons/WebExtensions/user_interface/devtools_panels">devtools panels</a></li></ol></details></li><li class="toggle"><details><summary>Anleitungen</summary><ol><li><a href="/de/docs/Mozilla/Add-ons/WebExtensions/Intercept_HTTP_requests">HTTP-Anfragen abfangen</a></li><li><a href="/de/docs/Mozilla/Add-ons/WebExtensions/Modify_a_web_page">Eine Webseite modifizieren</a></li><li><a href="/de/docs/Mozilla/Add-ons/WebExtensions/Safely_inserting_external_content_into_a_page">Externe Inhalte einfügen</a></li><li><a href="/de/docs/Mozilla/Add-ons/WebExtensions/Sharing_objects_with_page_scripts">Objekte mit Seitenskripts teilen</a></li><li><a href="/de/docs/Mozilla/Add-ons/WebExtensions/Add_a_button_to_the_toolbar">Einen Button zur Toolbar hinzufügen</a></li><li><a href="/de/docs/Mozilla/Add-ons/WebExtensions/Implement_a_settings_page">Implementieren einer Einstellungsseite</a></li><li><a href="/de/docs/Mozilla/Add-ons/WebExtensions/Working_with_the_Tabs_API">Arbeiten mit der Tabs-API</a></li><li><a href="/de/docs/Mozilla/Add-ons/WebExtensions/Work_with_the_Bookmarks_API">Arbeiten mit der Bookmarks API</a></li><li><a href="/de/docs/Mozilla/Add-ons/WebExtensions/Work_with_the_Cookies_API">Arbeiten mit der Cookies-API</a></li><li><a href="/de/docs/Mozilla/Add-ons/WebExtensions/Work_with_contextual_identities">Arbeiten mit kontextbezogenen Identitäten</a></li><li><a href="/de/docs/Mozilla/Add-ons/WebExtensions/Interact_with_the_clipboard">Interagieren mit der Zwischenablage</a></li><li><a href="/de/docs/Mozilla/Add-ons/WebExtensions/Extending_the_developer_tools">Erweiterung der Entwicklerwerkzeuge</a></li><li><a href="/de/docs/Mozilla/Add-ons/WebExtensions/Build_a_cross_browser_extension">Erstellen Sie eine plattformübergreifende Browser-Erweiterung</a></li></ol></details></li><li class="toggle"><details><summary>JavaScript-APIs</summary><ol><li><a href="/de/docs/Mozilla/Add-ons/WebExtensions/Browser_support_for_JavaScript_APIs">Browser-Kompatibilität für JavaScript-APIs</a></li><li><a href="/de/docs/Mozilla/Add-ons/WebExtensions/API/action">action</a></li><li><a href="/de/docs/Mozilla/Add-ons/WebExtensions/API/alarms">alarms</a></li><li><a href="/de/docs/Mozilla/Add-ons/WebExtensions/API/bookmarks">bookmarks</a></li><li><a href="/de/docs/Mozilla/Add-ons/WebExtensions/API/browserAction">browserAction</a></li><li><a href="/de/docs/Mozilla/Add-ons/WebExtensions/API/browserSettings">browserSettings</a></li><li><a href="/de/docs/Mozilla/Add-ons/WebExtensions/API/browsingData">browsingData</a></li><li><a href="/de/docs/Mozilla/Add-ons/WebExtensions/API/captivePortal">captivePortal</a></li><li><a href="/de/docs/Mozilla/Add-ons/WebExtensions/API/clipboard">clipboard</a></li><li><a href="/de/docs/Mozilla/Add-ons/WebExtensions/API/commands">commands</a></li><li><a href="/de/docs/Mozilla/Add-ons/WebExtensions/API/contentScripts">contentScripts</a></li><li><a href="/de/docs/Mozilla/Add-ons/WebExtensions/API/contextualIdentities">contextualIdentities</a></li><li><a href="/de/docs/Mozilla/Add-ons/WebExtensions/API/cookies">cookies</a></li><li><a href="/de/docs/Mozilla/Add-ons/WebExtensions/API/declarativeNetRequest">declarativeNetRequest</a></li><li><a href="/de/docs/Mozilla/Add-ons/WebExtensions/API/devtools">devtools</a></li><li><a href="/de/docs/Mozilla/Add-ons/WebExtensions/API/dns">dns</a></li><li><a href="/de/docs/Mozilla/Add-ons/WebExtensions/API/dom">dom</a></li><li><a href="/de/docs/Mozilla/Add-ons/WebExtensions/API/downloads">downloads</a></li><li><a href="/de/docs/Mozilla/Add-ons/WebExtensions/API/events">events</a></li><li><a href="/de/docs/Mozilla/Add-ons/WebExtensions/API/extension">extension</a></li><li><a href="/de/docs/Mozilla/Add-ons/WebExtensions/API/extensionTypes">extensionTypes</a></li><li><a href="/de/docs/Mozilla/Add-ons/WebExtensions/API/find">find</a></li><li><a href="/de/docs/Mozilla/Add-ons/WebExtensions/API/history">history</a></li><li><a href="/de/docs/Mozilla/Add-ons/WebExtensions/API/i18n">i18n</a></li><li><a href="/de/docs/Mozilla/Add-ons/WebExtensions/API/identity">identity</a></li><li><a href="/de/docs/Mozilla/Add-ons/WebExtensions/API/idle">idle</a></li><li><a href="/de/docs/Mozilla/Add-ons/WebExtensions/API/management">management</a></li><li><a href="/de/docs/Mozilla/Add-ons/WebExtensions/API/menus">menus</a></li><li><a href="/de/docs/Mozilla/Add-ons/WebExtensions/API/notifications">notifications</a></li><li><a href="/de/docs/Mozilla/Add-ons/WebExtensions/API/omnibox">omnibox</a></li><li><a href="/de/docs/Mozilla/Add-ons/WebExtensions/API/pageAction">pageAction</a></li><li><a href="/de/docs/Mozilla/Add-ons/WebExtensions/API/permissions">permissions</a></li><li><a href="/de/docs/Mozilla/Add-ons/WebExtensions/API/pkcs11">pkcs11</a></li><li><a href="/de/docs/Mozilla/Add-ons/WebExtensions/API/privacy">privacy</a></li><li><a href="/de/docs/Mozilla/Add-ons/WebExtensions/API/proxy">proxy</a></li><li><a href="/de/docs/Mozilla/Add-ons/WebExtensions/API/runtime">runtime</a></li><li><a href="/de/docs/Mozilla/Add-ons/WebExtensions/API/scripting">scripting</a></li><li><a href="/de/docs/Mozilla/Add-ons/WebExtensions/API/search">search</a></li><li><a href="/de/docs/Mozilla/Add-ons/WebExtensions/API/sessions">sessions</a></li><li><a href="/de/docs/Mozilla/Add-ons/WebExtensions/API/sidebarAction">sidebarAction</a></li><li><a href="/de/docs/Mozilla/Add-ons/WebExtensions/API/storage">storage</a></li><li><a href="/de/docs/Mozilla/Add-ons/WebExtensions/API/tabs">tabs</a></li><li><a href="/de/docs/Mozilla/Add-ons/WebExtensions/API/theme">theme</a></li><li><a href="/de/docs/Mozilla/Add-ons/WebExtensions/API/topSites">topSites</a></li><li><a href="/de/docs/Mozilla/Add-ons/WebExtensions/API/types">types</a></li><li><a href="/de/docs/Mozilla/Add-ons/WebExtensions/API/userScripts">userScripts</a></li><li><a href="/de/docs/Mozilla/Add-ons/WebExtensions/API/webNavigation">webNavigation</a></li><li><a href="/de/docs/Mozilla/Add-ons/WebExtensions/API/webRequest">webRequest</a></li><li><a href="/de/docs/Mozilla/Add-ons/WebExtensions/API/windows">windows</a></li></ol></details></li><li class="toggle"><details open=""><summary>Manifest-Schlüssel</summary><ol><li><a href="/de/docs/Mozilla/Add-ons/WebExtensions/manifest.json/action">action</a></li><li><a href="/de/docs/Mozilla/Add-ons/WebExtensions/manifest.json/author">author</a></li><li><a href="/de/docs/Mozilla/Add-ons/WebExtensions/manifest.json/background">background</a></li><li><a href="/de/docs/Mozilla/Add-ons/WebExtensions/manifest.json/browser_action">browser_action</a></li><li><a href="/de/docs/Mozilla/Add-ons/WebExtensions/manifest.json/browser_specific_settings">browser_specific_settings</a></li><li><a href="/de/docs/Mozilla/Add-ons/WebExtensions/manifest.json/chrome_settings_overrides">chrome_settings_overrides</a></li><li><a href="/de/docs/Mozilla/Add-ons/WebExtensions/manifest.json/chrome_url_overrides">chrome_url_overrides</a></li><li><a href="/de/docs/Mozilla/Add-ons/WebExtensions/manifest.json/commands">commands</a></li><li><a href="/de/docs/Mozilla/Add-ons/WebExtensions/manifest.json/content_scripts">content_scripts</a></li><li><em><a href="/de/docs/Mozilla/Add-ons/WebExtensions/manifest.json/content_security_policy" aria-current="page">content_security_policy</a></em></li><li><a href="/de/docs/Mozilla/Add-ons/WebExtensions/manifest.json/declarative_net_request">declarative_net_request</a></li><li><a href="/de/docs/Mozilla/Add-ons/WebExtensions/manifest.json/default_locale">default_locale</a></li><li><a href="/de/docs/Mozilla/Add-ons/WebExtensions/manifest.json/description">description</a></li><li><a href="/de/docs/Mozilla/Add-ons/WebExtensions/manifest.json/developer">developer</a></li><li><a href="/de/docs/Mozilla/Add-ons/WebExtensions/manifest.json/devtools_page">devtools_page</a></li><li><a href="/de/docs/Mozilla/Add-ons/WebExtensions/manifest.json/dictionaries">dictionaries</a></li><li><a href="/de/docs/Mozilla/Add-ons/WebExtensions/manifest.json/externally_connectable">externally_connectable</a></li><li><a href="/de/docs/Mozilla/Add-ons/WebExtensions/manifest.json/homepage_url">homepage_url</a></li><li><a href="/de/docs/Mozilla/Add-ons/WebExtensions/manifest.json/host_permissions">host_permissions</a></li><li><a href="/de/docs/Mozilla/Add-ons/WebExtensions/manifest.json/icons">icons</a></li><li><a href="/de/docs/Mozilla/Add-ons/WebExtensions/manifest.json/incognito">incognito</a></li><li><a href="/de/docs/Mozilla/Add-ons/WebExtensions/manifest.json/manifest_version">manifest_version</a></li><li><a href="/de/docs/Mozilla/Add-ons/WebExtensions/manifest.json/name">name</a></li><li><a href="/de/docs/Mozilla/Add-ons/WebExtensions/manifest.json/offline_enabled">offline_enabled</a><abbr class="icon icon-deprecated" title="Veraltet. Nicht empfohlen für neue Webseiten."> <span class="visually-hidden">Veraltet</span> </abbr></li><li><a href="/de/docs/Mozilla/Add-ons/WebExtensions/manifest.json/omnibox">omnibox</a></li><li><a href="/de/docs/Mozilla/Add-ons/WebExtensions/manifest.json/optional_host_permissions">optional_host_permissions</a></li><li><a href="/de/docs/Mozilla/Add-ons/WebExtensions/manifest.json/optional_permissions">optional_permissions</a></li><li><a href="/de/docs/Mozilla/Add-ons/WebExtensions/manifest.json/options_page">options_page</a><abbr class="icon icon-deprecated" title="Veraltet. Nicht empfohlen für neue Webseiten."> <span class="visually-hidden">Veraltet</span> </abbr></li><li><a href="/de/docs/Mozilla/Add-ons/WebExtensions/manifest.json/options_ui">options_ui</a></li><li><a href="/de/docs/Mozilla/Add-ons/WebExtensions/manifest.json/page_action">page_action</a></li><li><a href="/de/docs/Mozilla/Add-ons/WebExtensions/manifest.json/permissions">permissions</a></li><li><a href="/de/docs/Mozilla/Add-ons/WebExtensions/manifest.json/protocol_handlers">protocol_handlers</a></li><li><a href="/de/docs/Mozilla/Add-ons/WebExtensions/manifest.json/short_name">short_name</a></li><li><a href="/de/docs/Mozilla/Add-ons/WebExtensions/manifest.json/sidebar_action">sidebar_action</a></li><li><a href="/de/docs/Mozilla/Add-ons/WebExtensions/manifest.json/storage">storage</a></li><li><a href="/de/docs/Mozilla/Add-ons/WebExtensions/manifest.json/theme">theme</a></li><li><a href="/de/docs/Mozilla/Add-ons/WebExtensions/manifest.json/theme_experiment">theme_experiment</a></li><li><a href="/de/docs/Mozilla/Add-ons/WebExtensions/manifest.json/user_scripts">user_scripts</a></li><li><a href="/de/docs/Mozilla/Add-ons/WebExtensions/manifest.json/version">version</a></li><li><a href="/de/docs/Mozilla/Add-ons/WebExtensions/manifest.json/version_name">version_name</a></li><li><a href="/de/docs/Mozilla/Add-ons/WebExtensions/manifest.json/web_accessible_resources">web_accessible_resources</a></li></ol></details></li><li class="toggle"><details><summary>Erweiterungs-Workshop</summary><ol><li><a href="https://extensionworkshop.com/documentation/develop/" class="external" target="_blank">Entwickeln</a></li><li><a href="https://extensionworkshop.com/documentation/publish/" class="external" target="_blank">Veröffentlichen</a></li><li><a href="https://extensionworkshop.com/documentation/manage/" class="external" target="_blank">Verwalten</a></li><li><a href="https://extensionworkshop.com/documentation/enterprise/" class="external" target="_blank">Unternehmen</a></li></ol></details></li><li class="section"><a href="/de/docs/Mozilla/Add-ons/Contact_us">Kontaktieren Sie uns</a></li><li class="toggle"><details><summary>Kanäle</summary><ol><li><a href="https://blog.mozilla.org/addons" class="external" target="_blank">Add-ons Blog</a></li><li><a href="https://discourse.mozilla.org/c/add-ons" class="external" target="_blank">Add-ons Forum</a></li><li><a href="https://chat.mozilla.org/#/room/%23addons:mozilla.org" class="external" target="_blank">Add-ons Chat</a></li></ol></details></li></ol></div></div><section class="place side"></section></nav></aside><div class="toc-container"><aside class="toc"><nav><div class="document-toc-container"><section class="document-toc"><header><h2 class="document-toc-heading">In diesem Artikel</h2></header><ul class="document-toc-list"><li class="document-toc-item "><a class="document-toc-link" href="#object-src-direktive">object-src-Direktive</a></li><li class="document-toc-item "><a class="document-toc-link" href="#manifest_v2-syntax">Manifest V2-Syntax</a></li><li class="document-toc-item "><a class="document-toc-link" href="#manifest_v3-syntax">Manifest V3-Syntax</a></li><li class="document-toc-item "><a class="document-toc-link" href="#beispiele">Beispiele</a></li><li class="document-toc-item "><a class="document-toc-link" href="#browser-kompatibilität">Browser-Kompatibilität</a></li></ul></section></div></nav></aside><section class="place side"></section></div></div><main id="content" class="main-content "><article class="main-page-content" lang="de"><header><h1>content_security_policy</h1></header><div class="section-content"><figure class="table-container"><table class="fullwidth-table standard-table"> <tbody> <tr> <th scope="row">Typ</th> <td><code>String</code></td> </tr> <tr> <th scope="row">Verpflichtend</th> <td>Nein</td> </tr> <tr> <th scope="row">Manifest-Version</th> <td>2 oder höher</td> </tr> <tr> <th scope="row">Beispiel</th> <td> Manifest V2: <div class="code-example"><div class="example-header"><span class="language-name">json</span></div><pre class="brush: json notranslate"><code>"content_security_policy": "default-src 'self'"</code></pre></div> Manifest V3: <div class="code-example"><div class="example-header"><span class="language-name">json</span></div><pre class="brush: json notranslate"><code>"content_security_policy": { "extension_pages": "default-src 'self'" }</code></pre></div> </td> </tr> </tbody> </table></figure> <p>Erweiterungen haben standardmäßig eine Content Security Policy (CSP), die auf sie angewendet wird. Die Standardrichtlinie beschränkt die Quellen, von denen Erweiterungen Code laden können (wie z.B. <a href="/de/docs/Web/HTML/Element/script"><code><script></code></a>-Ressourcen), und verbietet potenziell unsichere Praktiken wie die Verwendung von <a href="/de/docs/Web/JavaScript/Reference/Global_Objects/eval"><code>eval()</code></a>. Weitere Informationen zu den Auswirkungen finden Sie unter <a href="/de/docs/Mozilla/Add-ons/WebExtensions/Content_Security_Policy#default_content_security_policy">Standard-Content-Sicherheitsrichtlinie</a>.</p> <p>Sie können den Manifest-Schlüssel <code>"content_security_policy"</code> verwenden, um die Standardrichtlinie zu lockern oder zu verschärfen. Dieser Schlüssel wird in gleicher Weise wie der Content-Security-Policy HTTP-Header angegeben. Siehe <a href="/de/docs/Web/HTTP/CSP">Verwendung der Content Security Policy</a> für eine allgemeine Beschreibung der CSP-Syntax.</p> <p>Beispielsweise können Sie diesen Schlüssel verwenden, um:</p> <ul> <li>Zulässige Quellen für andere Arten von Inhalten wie Bilder und Stylesheets mit der entsprechenden <a href="/de/docs/Web/HTTP/Headers/Content-Security-Policy">Policy-Direktive</a> zu beschränken.</li> <li>Der Erweiterung zu ermöglichen, <a href="/de/docs/WebAssembly">WebAssembly</a> zu nutzen, indem die Quelle <code>'wasm-unsafe-eval'</code> in die <code>script-src</code>-Direktive aufgenommen wird.</li> <li>Die Standard-<a href="/de/docs/Web/HTTP/Headers/Content-Security-Policy/script-src"><code>script-src</code></a>-Richtlinien zu lockern (nur Manifest V2): <ul> <li>Der Erweiterung zu erlauben, Skripte außerhalb ihres Pakets zu laden, indem Sie deren URL in der <a href="/de/docs/Web/HTTP/Headers/Content-Security-Policy/script-src"><code>script-src</code></a>-Direktive angeben.</li> <li>Der Erweiterung zu erlauben, Inline-Skripte auszuführen, indem Sie <a href="/de/docs/Web/HTTP/Headers/Content-Security-Policy/script-src#unsafe_inline_script">den Hash des Skripts in der <code>script-src</code>-Direktive</a> angeben.</li> <li>Der Erweiterung zu erlauben, <code>eval()</code> und ähnliche Funktionen zu verwenden, indem <code>'unsafe-eval'</code> in die <a href="/de/docs/Web/HTTP/Headers/Content-Security-Policy/script-src"><code>script-src</code></a>-Direktive eingeschlossen wird.</li> </ul> </li> </ul> <p>Es gibt Einschränkungen hinsichtlich der Richtlinie, die Sie mit diesem Manifest-Schlüssel angeben können:</p> <ul> <li>Die <a href="/de/docs/Web/HTTP/Headers/Content-Security-Policy/script-src"><code>script-src</code></a>-Direktive muss mindestens das Schlüsselwort <code>'self'</code> enthalten und darf nur sichere Quellen umfassen. Der Satz der erlaubten sicheren Quellen unterscheidet sich zwischen Manifest V2 und Manifest V3.</li> <li>Die Richtlinie darf <a href="/de/docs/Web/HTTP/Headers/Content-Security-Policy/default-src"><code>default-src</code></a> allein (ohne <a href="/de/docs/Web/HTTP/Headers/Content-Security-Policy/script-src"><code>script-src</code></a>) enthalten, wenn deren Quellen die Anforderungen der <a href="/de/docs/Web/HTTP/Headers/Content-Security-Policy/script-src"><code>script-src</code></a>-Direktive erfüllen.</li> <li>Das <a href="/de/docs/Web/HTTP/Headers/Content-Security-Policy/object-src"><code>object-src</code></a>-Schlüsselwort kann erforderlich sein; siehe <a href="#object-src-direktive">object-src-Direktive</a> für Details.</li> <li>Direktiven, die sich auf Code beziehen – <a href="/de/docs/Web/HTTP/Headers/Content-Security-Policy/script-src"><code>script-src</code></a>, <a href="/de/docs/Web/HTTP/Headers/Content-Security-Policy/script-src-elem"><code>script-src-elem</code></a>, <a href="/de/docs/Web/HTTP/Headers/Content-Security-Policy/worker-src"><code>worker-src</code></a> und <a href="/de/docs/Web/HTTP/Headers/Content-Security-Policy/default-src"><code>default-src</code></a> (wenn als Fallback verwendet) – teilen die gleichen Anforderungen an sichere Quellen. Es gibt keine Einschränkungen für CSP-Direktiven, die nicht skriptbezogene Inhalte abdecken, wie <a href="/de/docs/Web/HTTP/Headers/Content-Security-Policy/img-src"><code>img-src</code></a>.</li> </ul> <p>In Manifest V3 sind alle CSP-Quellen, die sich auf externe oder nicht statische Inhalte beziehen, verboten. Die einzigen zulässigen Werte sind <code>'none'</code>, <code>'self'</code> und <code>'wasm-unsafe-eval'</code>. In Manifest V2 wird eine Quelle für eine Skript-Direktive als sicher angesehen, wenn sie diese Kriterien erfüllt:</p> <ul> <li>Platzhalter-Hosts sind nicht zulässig, wie <code>"script-src 'self' *"</code>.</li> <li>Entfernte Quellen müssen <code>https:</code>-Schemata verwenden.</li> <li>Entfernte Quellen dürfen keine Platzhalter für Domains in der <a href="https://publicsuffix.org/list/" class="external" target="_blank">öffentlichen Suffixliste</a> verwenden (also sind <code>*.co.uk</code> und <code>*.blogspot.com</code> nicht erlaubt, obwohl <code>*.foo.blogspot.com</code> zulässig ist).</li> <li>Alle Quellen müssen einen Host spezifizieren.</li> <li>Die einzigen erlaubten Schemata für Quellen sind <code>blob:</code>, <code>filesystem:</code>, <code>moz-extension:</code>, <code>https:</code> und <code>wss:</code>.</li> <li>Die einzigen erlaubten <a href="/de/docs/Web/HTTP/Headers/Content-Security-Policy#fetch_directive_syntax">Schlüsselwörter</a> sind: <code>'none'</code>, <code>'self'</code>, <code>'unsafe-eval'</code> und <code>'wasm-unsafe-eval'</code>.</li> </ul></div><section aria-labelledby="object-src-direktive"><h2 id="object-src-direktive"><a href="#object-src-direktive">object-src-Direktive</a></h2><div class="section-content"><p>Die <code><a href="/de/docs/Web/HTTP/Headers/Content-Security-Policy/object-src"><code>object-src</code></a></code>-Direktive kann in einigen Browsern erforderlich sein, die veraltete <a href="/de/docs/Glossary/Plugin">Plugins</a> unterstützen, und sollte bei Bedarf auf eine sichere Quelle wie <code>'none'</code> gesetzt werden. Dies kann bis 2022 für Browser notwendig sein.</p> <ul> <li>In Firefox ist <code>"object-src"</code> ab Firefox 106 optional. In früheren Versionen wird, wenn <code>"object-src"</code> nicht angegeben ist, <code>"content_security_policy"</code> ignoriert und die Standard-CSP verwendet.</li> <li>In Chrome ist <code>"object-src"</code> erforderlich. Wenn es fehlt oder als unsicher angesehen wird, wird der Standard (<code>"object-src 'self'"</code>) verwendet und eine Warnmeldung protokolliert.</li> <li>In Safari gibt es keine Anforderung für <code>"object-src"</code>.</li> </ul> <p>Siehe W3C WebExtensions Community Group <a href="https://github.com/w3c/webextensions/issues/204" class="external" target="_blank">Issue 204</a>, um object-src aus der CSP zu entfernen, für weitere Informationen.</p></div></section><section aria-labelledby="manifest_v2-syntax"><h2 id="manifest_v2-syntax"><a href="#manifest_v2-syntax">Manifest V2-Syntax</a></h2><div class="section-content"><p>In Manifest V2 gibt es eine Content Security Policy, die gegen den Schlüssel wie folgt angegeben wird:</p> <div class="code-example"><div class="example-header"><span class="language-name">json</span></div><pre class="brush: json notranslate"><code>"content_security_policy": "default-src 'self'" </code></pre></div></div></section><section aria-labelledby="manifest_v3-syntax"><h2 id="manifest_v3-syntax"><a href="#manifest_v3-syntax">Manifest V3-Syntax</a></h2><div class="section-content"><p>In Manifest V3 ist der <code>content_security_policy</code>-Schlüssel ein Objekt, das beliebige dieser Eigenschaften haben kann, alle optional:</p> <figure class="table-container"><table class="fullwidth-table standard-table"> <thead> <tr> <th scope="col">Name</th> <th scope="col">Typ</th> <th scope="col">Beschreibung</th> </tr> </thead> <tbody> <tr> <td><code>extension_pages</code></td> <td><code>String</code></td> <td> Die Content Security Policy für Erweiterungsseiten. Die <code>script-src</code>- und <code>worker-src</code>-Direktiven dürfen nur diese Werte haben: <ul> <li><code>'self'</code></li> <li><code>'none'</code></li> <li><code>'wasm-unsafe-eval'</code></li> </ul> </td> </tr> <tr> <td><code>sandbox</code></td> <td><code>String</code></td> <td> Die Content Security Policy für sandboxed Erweiterungsseiten. </td> </tr> </tbody> </table></figure></div></section><section aria-labelledby="beispiele"><h2 id="beispiele"><a href="#beispiele">Beispiele</a></h2><div class="section-content"></div></section><section aria-labelledby="gültige_beispiele"><h3 id="gültige_beispiele"><a href="#gültige_beispiele">Gültige Beispiele</a></h3><div class="section-content"><div class="notecard note"> <p><strong>Hinweis:</strong> Gültige Beispiele demonstrieren den korrekten Gebrauch von Schlüsseln in CSP. Erweiterungen mit 'unsafe-eval', Remote-Skript, Blob oder externen Quellen in ihrer CSP sind jedoch gemäß den <a href="https://extensionworkshop.com/documentation/publish/add-on-policies/" class="external" target="_blank">Add-on-Richtlinien</a> und aufgrund erheblicher Sicherheitsprobleme für Firefox-Erweiterungen nicht erlaubt.</p> </div> <div class="notecard note"> <p><strong>Hinweis:</strong> Einige Beispiele beinhalten die <code><a href="/de/docs/Web/HTTP/Headers/Content-Security-Policy/object-src"><code>object-src</code></a></code>-Direktive, die Rückwärtskompatibilität für ältere Browserversionen bietet. Siehe <a href="#object-src-direktive">object-src-Direktive</a> für weitere Details.</p> </div> <p>Erfordern, dass alle Arten von Inhalten mit der Erweiterung verpackt sein sollten:</p> <ul> <li> <p>Manifest V2</p> <div class="code-example"><div class="example-header"><span class="language-name">json</span></div><pre class="brush: json notranslate"><code>"content_security_policy": "default-src 'self'" </code></pre></div> </li> <li> <p>Manifest V3</p> <div class="code-example"><div class="example-header"><span class="language-name">json</span></div><pre class="brush: json notranslate"><code>"content_security_policy": { "extension_pages": "default-src 'self'" } </code></pre></div> </li> </ul> <p>Erlaube Remote-Skripte von "<a href="https://example.com" class="external" target="_blank">https://example.com</a>":</p> <ul> <li> <p>Manifest V2</p> <div class="code-example"><div class="example-header"><span class="language-name">json</span></div><pre class="brush: json notranslate"><code>"content_security_policy": "script-src 'self' https://example.com; object-src 'self'" </code></pre></div> </li> <li> <p>Manifest V3 erlaubt keine externen URLs in <code>script-src</code> von <code>extension_pages</code>.</p> </li> </ul> <p>Erlaubt Remote-Skripte von jedem Subdomain von "jquery.com":</p> <ul> <li> <p>Manifest V2</p> <div class="code-example"><div class="example-header"><span class="language-name">json</span></div><pre class="brush: json notranslate"><code>"content_security_policy": "script-src 'self' https://*.jquery.com; object-src 'self'" </code></pre></div> </li> <li> <p>Manifest V3 erlaubt keine externen URLs in <code>script-src</code> von <code>extension_pages</code>.</p> </li> </ul> <p>Erlaube <a href="/de/docs/Mozilla/Add-ons/WebExtensions/Content_Security_Policy#eval%28%29_and_friends"><code>eval()</code> und Freunde</a>:</p> <ul> <li> <p>Manifest V2</p> <div class="code-example"><div class="example-header"><span class="language-name">json</span></div><pre class="brush: json notranslate"><code>"content_security_policy": "script-src 'self' 'unsafe-eval'; object-src 'self';" </code></pre></div> </li> <li> <p>Manifest V3 erlaubt <code>'unsafe-eval'</code> nicht in <code>script-src</code>.</p> </li> </ul> <p>Erlaubt das Inline-Skript: <code>"<script>alert('Hallo, Welt.');</script>"</code>:</p> <ul> <li> <p>Manifest V2</p> <div class="code-example"><div class="example-header"><span class="language-name">json</span></div><pre class="brush: json notranslate"><code>"content_security_policy": "script-src 'self' 'sha256-qznLcsROx4GACP2dm0UCKCzCG+HiZ1guq6ZZDob/Tng='; object-src 'self'" </code></pre></div> </li> <li> <p>Manifest V3 erlaubt keine CSP-Hashes in <code>script-src</code> von <code>extension_pages</code>.</p> </li> </ul> <p>Halten Sie den Rest der Richtlinie bei, erfordern jedoch auch, dass Bilder mit der Erweiterung verpackt sind:</p> <ul> <li> <p>Manifest V2</p> <div class="code-example"><div class="example-header"><span class="language-name">json</span></div><pre class="brush: json notranslate"><code>"content_security_policy": "script-src 'self'; object-src 'self'; img-src 'self'" </code></pre></div> </li> <li> <p>Manifest V3</p> <div class="code-example"><div class="example-header"><span class="language-name">json</span></div><pre class="brush: json notranslate"><code>"content_security_policy": { "extension_pages": "script-src 'self'; img-src 'self'" } </code></pre></div> </li> </ul> <p>Aktivieren Sie die Nutzung von <a href="/de/docs/WebAssembly">WebAssembly</a>:</p> <ul> <li> <p>Manifest V2</p> <p>Um die Rückwärtskompatibilität zu gewährleisten, können Manifest V2-Erweiterungen in Firefox WebAssembly ohne die Verwendung von <code>'wasm-unsafe-eval'</code> verwenden. Dieses Verhalten ist jedoch nicht garantiert. Siehe <a href="https://bugzil.la/1770909" class="external" target="_blank">Firefox Bug 1770909</a>. Erweiterungen, die WebAssembly verwenden, werden daher ermutigt, <code>'wasm-unsafe-eval'</code> in ihrer CSP zu deklarieren. Siehe <a href="/de/docs/Mozilla/Add-ons/WebExtensions/Content_Security_Policy#webassembly">WebAssembly</a> auf der Content Security Policy-Seite für weitere Informationen.</p> <div class="code-example"><div class="example-header"><span class="language-name">json</span></div><pre class="brush: json notranslate"><code>"content_security_policy": "script-src 'self' 'wasm-unsafe-eval'" </code></pre></div> </li> <li> <p>Manifest V3</p> <div class="code-example"><div class="example-header"><span class="language-name">json</span></div><pre class="brush: json notranslate"><code>"content_security_policy": { "extension_pages": "script-src 'self' 'wasm-unsafe-eval'" } </code></pre></div> </li> </ul></div></section><section aria-labelledby="ungültige_beispiele"><h3 id="ungültige_beispiele"><a href="#ungültige_beispiele">Ungültige Beispiele</a></h3><div class="section-content"><p>Eine Richtlinie, die die <code>"object-src"</code>-Direktive weglässt:</p> <div class="code-example"><div class="example-header"><span class="language-name">json</span></div><pre class="brush: json example-bad notranslate"><code>"content_security_policy": "script-src 'self' https://*.jquery.com;" </code></pre></div> <p>Dies ist jedoch nur in Browsern ungültig, die veraltete <a href="/de/docs/Glossary/Plugin">Plugins</a> unterstützen. Weitere Details siehe <a href="#object-src-direktive">object-src-Direktive</a>.</p> <p>Eine Richtlinie, die das <code>"self"</code>-Schlüsselwort in der <code>"script-src"</code>-Direktive weglässt:</p> <div class="code-example"><div class="example-header"><span class="language-name">json</span></div><pre class="brush: json example-bad notranslate"><code>"content_security_policy": "script-src https://*.jquery.com; object-src 'self'" </code></pre></div> <p>Das Schema für eine entfernte Quelle ist nicht <code>https</code>:</p> <div class="code-example"><div class="example-header"><span class="language-name">json</span></div><pre class="brush: json example-bad notranslate"><code>"content_security_policy": "script-src 'self' http://code.jquery.com; object-src 'self'" </code></pre></div> <p>Es wird ein Platzhalter mit einer generischen Domain verwendet:</p> <div class="code-example"><div class="example-header"><span class="language-name">json</span></div><pre class="brush: json example-bad notranslate"><code>"content_security_policy": "script-src 'self' https://*.blogspot.com; object-src 'self'" </code></pre></div> <p>Quelle gibt ein Schema an, aber keinen Host:</p> <div class="code-example"><div class="example-header"><span class="language-name">json</span></div><pre class="brush: json example-bad notranslate"><code>"content_security_policy": "script-src 'self' https:; object-src 'self'" </code></pre></div> <p>Direktive enthält das nicht unterstützte Schlüsselwort <code>'unsafe-inline'</code>:</p> <div class="code-example"><div class="example-header"><span class="language-name">json</span></div><pre class="brush: json example-bad notranslate"><code>"content_security_policy": "script-src 'self' 'unsafe-inline'; object-src 'self'" </code></pre></div></div></section><h2 id="browser-kompatibilität"><a href="#browser-kompatibilität">Browser-Kompatibilität</a></h2><p>BCD tables only load in the browser<noscript> with JavaScript enabled. Enable JavaScript to view data.</noscript></p></article><aside class="article-footer"><div class="article-footer-inner"><div class="svg-container"><svg xmlns="http://www.w3.org/2000/svg" width="162" height="162" viewBox="0 0 162 162" fill="none" role="none"><mask id="b" fill="#fff"><path d="M97.203 47.04c8.113-7.886 18.004-13.871 28.906-17.492a78 78 0 0 1 33.969-3.39c11.443 1.39 22.401 5.295 32.024 11.411s17.656 14.28 23.476 23.86c5.819 9.579 9.269 20.318 10.083 31.385a69.85 69.85 0 0 1-5.387 32.44c-4.358 10.272-11.115 19.443-19.747 26.801-8.632 7.359-18.908 12.709-30.034 15.637l-6.17-21.698c7.666-2.017 14.746-5.703 20.694-10.773 5.948-5.071 10.603-11.389 13.606-18.467a48.14 48.14 0 0 0 3.712-22.352c-.561-7.625-2.938-15.025-6.948-21.625s-9.544-12.226-16.175-16.44-14.181-6.904-22.065-7.863a53.75 53.75 0 0 0-23.405 2.336c-7.513 2.495-14.327 6.62-19.918 12.053z"></path></mask><path stroke="url(#a)" stroke-dasharray="6, 6" stroke-width="2" d="M97.203 47.04c8.113-7.886 18.004-13.871 28.906-17.492a78 78 0 0 1 33.969-3.39c11.443 1.39 22.401 5.295 32.024 11.411s17.656 14.28 23.476 23.86c5.819 9.579 9.269 20.318 10.083 31.385a69.85 69.85 0 0 1-5.387 32.44c-4.358 10.272-11.115 19.443-19.747 26.801-8.632 7.359-18.908 12.709-30.034 15.637l-6.17-21.698c7.666-2.017 14.746-5.703 20.694-10.773 5.948-5.071 10.603-11.389 13.606-18.467a48.14 48.14 0 0 0 3.712-22.352c-.561-7.625-2.938-15.025-6.948-21.625s-9.544-12.226-16.175-16.44-14.181-6.904-22.065-7.863a53.75 53.75 0 0 0-23.405 2.336c-7.513 2.495-14.327 6.62-19.918 12.053z" mask="url(#b)" style="stroke:url(#a)" transform="translate(-63.992 -25.587)"></path><ellipse cx="8.066" cy="111.597" fill="var(--background-tertiary)" rx="53.677" ry="53.699" transform="matrix(.71707 -.697 .7243 .6895 0 0)"></ellipse><g clip-path="url(#c)" transform="translate(-63.992 -25.587)"><path fill="#9abff5" d="m144.256 137.379 32.906 12.434a4.41 4.41 0 0 1 2.559 5.667l-9.326 24.679a4.41 4.41 0 0 1-5.667 2.559l-8.226-3.108-2.332 6.17c-.466 1.233-.375 1.883-1.609 1.417l-2.253-.527c-.411-.155-.95-.594-1.206-1.161l-4.734-10.484-12.545-4.741a4.41 4.41 0 0 1-2.559-5.667l9.325-24.679a4.41 4.41 0 0 1 5.667-2.559m9.961 29.617 8.227 3.108 3.264-8.638-.498-6.768-4.113-1.555.548 7.258-4.319-1.632zm-12.339-4.663 8.226 3.108 3.264-8.637-.498-6.769-4.113-1.554.548 7.257-4.319-1.632z"></path></g><g clip-path="url(#d)" transform="translate(-63.992 -25.587)"><path fill="#81b0f3" d="M135.35 60.136 86.67 41.654c-3.346-1.27-7.124.428-8.394 3.775L64.414 81.938c-1.27 3.347.428 7.125 3.774 8.395l12.17 4.62-3.465 9.128c-.693 1.826-1.432 2.457.394 3.15l3.014 1.625c.609.231 1.637.274 2.477-.104l15.53-6.983 18.56 7.047c3.346 1.27 7.124-.428 8.395-3.775l13.862-36.51c1.27-3.346-.428-7.124-3.775-8.395M95.261 83.207l-12.17-4.62 4.852-12.779 7.19-7.017 6.085 2.31-7.725 7.51 6.389 2.426zm18.255 6.93-12.17-4.62 4.852-12.778 7.189-7.017 6.085 2.31-7.725 7.51 6.39 2.426z"></path></g><defs><clipPath id="c"><path fill="#fff" d="m198.638 146.586-65.056-24.583-24.583 65.057 65.056 24.582z"></path></clipPath><clipPath id="d"><path fill="#fff" d="m66.438 14.055 96.242 36.54-36.54 96.243-96.243-36.54z"></path></clipPath><linearGradient id="a" x1="97.203" x2="199.995" y1="47.04" y2="152.793" gradientUnits="userSpaceOnUse"><stop stop-color="#086DFC"></stop><stop offset="0.246" stop-color="#2C81FA"></stop><stop offset="0.516" stop-color="#5497F8"></stop><stop offset="0.821" stop-color="#80B0F6"></stop><stop offset="1" stop-color="#9ABFF5"></stop></linearGradient></defs></svg></div><h2>MDN-Feedback-Box</h2><fieldset class="feedback"><label>War diese Übersetzung hilfreich?</label><div class="button-container"><button type="button" class="button primary has-icon yes"><span class="button-wrap"><span class="icon icon-thumbs-up "></span>Ja</span></button><button type="button" class="button primary has-icon no"><span class="button-wrap"><span class="icon icon-thumbs-down "></span>Nein</span></button></div></fieldset><p class="last-modified-date">Diese Seite wurde automatisch aus dem Englischen übersetzt.</p><div id="on-github" class="on-github"><a href="https://github.com/mdn/translated-content-de/blob/main/files/de/mozilla/add-ons/webextensions/manifest.json/content_security_policy/index.md?plain=1" title="Folder: de/mozilla/add-ons/webextensions/manifest.json/content_security_policy (Opens in a new tab)" target="_blank" rel="noopener noreferrer">Übersetzung auf GitHub anzeigen</a> • <a href="https://github.com/mdn/translated-content-de/issues/new?template=page-report-de.yml&mdn-url=https%3A%2F%2Fdeveloper.mozilla.org%2Fde%2Fdocs%2FMozilla%2FAdd-ons%2FWebExtensions%2Fmanifest.json%2Fcontent_security_policy&metadata=%3C%21--+Do+not+make+changes+below+this+line+--%3E%0A%3Cdetails%3E%0A%3Csummary%3EPage+report+details%3C%2Fsummary%3E%0A%0A*+Folder%3A+%60de%2Fmozilla%2Fadd-ons%2Fwebextensions%2Fmanifest.json%2Fcontent_security_policy%60%0A*+MDN+URL%3A+https%3A%2F%2Fdeveloper.mozilla.org%2Fde%2Fdocs%2FMozilla%2FAdd-ons%2FWebExtensions%2Fmanifest.json%2Fcontent_security_policy%0A*+GitHub+URL%3A+https%3A%2F%2Fgithub.com%2Fmdn%2Ftranslated-content-de%2Fblob%2Fmain%2Ffiles%2Fde%2Fmozilla%2Fadd-ons%2Fwebextensions%2Fmanifest.json%2Fcontent_security_policy%2Findex.md%0A*+Last+commit%3A+https%3A%2F%2Fgithub.com%2Fmdn%2Ftranslated-content-de%2Fcommit%2F452fe502cfb4c9a91c346af17370ecfb6a8bd17e%0A*+Document+last+modified%3A+2025-02-17T00%3A20%3A27.000Z%0A%0A%3C%2Fdetails%3E" title="This will take you to GitHub to file a new issue." target="_blank" rel="noopener noreferrer">Fehler mit dieser Übersetzung melden</a></div></div></aside></main></div></div><footer id="nav-footer" class="page-footer"><div class="page-footer-grid"><div class="page-footer-logo-col"><a href="/" class="mdn-footer-logo" aria-label="MDN homepage"><svg width="48" height="17" viewBox="0 0 48 17" fill="none" xmlns="http://www.w3.org/2000/svg"><title id="mdn-footer-logo-svg">MDN logo</title><path d="M20.04 16.512H15.504V10.416C15.504 9.488 15.344 8.824 15.024 8.424C14.72 8.024 14.264 7.824 13.656 7.824C12.92 7.824 12.384 8.064 12.048 8.544C11.728 9.024 11.568 9.64 11.568 10.392V14.184H13.008V16.512H8.472V10.416C8.472 9.488 8.312 8.824 7.992 8.424C7.688 8.024 7.232 7.824 6.624 7.824C5.872 7.824 5.336 8.064 5.016 8.544C4.696 9.024 4.536 9.64 4.536 10.392V14.184H6.6V16.512H0V14.184H1.44V8.04H0.024V5.688H4.536V7.32C5.224 6.088 6.32 5.472 7.824 5.472C8.608 5.472 9.328 5.664 9.984 6.048C10.64 6.432 11.096 7.016 11.352 7.8C11.992 6.248 13.168 5.472 14.88 5.472C15.856 5.472 16.72 5.776 17.472 6.384C18.224 6.992 18.6 7.936 18.6 9.216V14.184H20.04V16.512Z" fill="currentColor"></path><path d="M33.6714 16.512H29.1354V14.496C28.8314 15.12 28.3834 15.656 27.7914 16.104C27.1994 16.536 26.4154 16.752 25.4394 16.752C24.0154 16.752 22.8954 16.264 22.0794 15.288C21.2634 14.312 20.8554 12.984 20.8554 11.304C20.8554 9.688 21.2554 8.312 22.0554 7.176C22.8554 6.04 24.0634 5.472 25.6794 5.472C26.5594 5.472 27.2794 5.648 27.8394 6C28.3994 6.352 28.8314 6.8 29.1354 7.344V2.352H26.9754V0H32.2314V14.184H33.6714V16.512ZM29.1354 11.04V10.776C29.1354 9.88 28.8954 9.184 28.4154 8.688C27.9514 8.176 27.3674 7.92 26.6634 7.92C25.9754 7.92 25.3674 8.176 24.8394 8.688C24.3274 9.2 24.0714 10.008 24.0714 11.112C24.0714 12.152 24.3114 12.944 24.7914 13.488C25.2714 14.032 25.8394 14.304 26.4954 14.304C27.3114 14.304 27.9514 13.96 28.4154 13.272C28.8954 12.584 29.1354 11.84 29.1354 11.04Z" fill="currentColor"></path><path d="M47.9589 16.512H41.9829V14.184H43.4229V10.416C43.4229 9.488 43.2629 8.824 42.9429 8.424C42.6389 8.024 42.1829 7.824 41.5749 7.824C40.8389 7.824 40.2709 8.056 39.8709 8.52C39.4709 8.968 39.2629 9.56 39.2469 10.296V14.184H40.6869V16.512H34.7109V14.184H36.1509V8.04H34.5909V5.688H39.2469V7.344C39.9669 6.096 41.1269 5.472 42.7269 5.472C43.7509 5.472 44.6389 5.776 45.3909 6.384C46.1429 6.992 46.5189 7.936 46.5189 9.216V14.184H47.9589V16.512Z" fill="currentColor"></path></svg></a><p>Your blueprint for a better internet.</p><ul class="social-icons"><li><a href="https://mastodon.social/@mdn" target="_blank" rel="me noopener noreferrer"><span class="icon icon-mastodon"></span><span class="visually-hidden">MDN on Mastodon</span></a></li><li><a href="https://twitter.com/mozdevnet" target="_blank" rel="noopener noreferrer"><span class="icon icon-twitter-x"></span><span class="visually-hidden">MDN on X (formerly Twitter)</span></a></li><li><a href="https://github.com/mdn/" target="_blank" rel="noopener noreferrer"><span class="icon icon-github-mark-small"></span><span class="visually-hidden">MDN on GitHub</span></a></li><li><a href="/en-US/blog/rss.xml" target="_blank"><span class="icon icon-feed"></span><span class="visually-hidden">MDN Blog RSS Feed</span></a></li></ul></div><div class="page-footer-nav-col-1"><h2 class="footer-nav-heading">MDN</h2><ul class="footer-nav-list"><li class="footer-nav-item"><a href="/en-US/about">About</a></li><li class="footer-nav-item"><a href="/en-US/blog/">Blog</a></li><li class="footer-nav-item"><a href="https://www.mozilla.org/en-US/careers/listings/?team=ProdOps" target="_blank" rel="noopener noreferrer">Careers</a></li><li class="footer-nav-item"><a href="/en-US/advertising">Advertise with us</a></li></ul></div><div class="page-footer-nav-col-2"><h2 class="footer-nav-heading">Support</h2><ul class="footer-nav-list"><li class="footer-nav-item"><a class="footer-nav-link" href="https://support.mozilla.org/products/mdn-plus">Product help</a></li><li class="footer-nav-item"><a class="footer-nav-link" href="/de/docs/MDN/Community/Issues">Report an issue</a></li></ul></div><div class="page-footer-nav-col-3"><h2 class="footer-nav-heading">Our communities</h2><ul class="footer-nav-list"><li class="footer-nav-item"><a class="footer-nav-link" href="/en-US/community">MDN Community</a></li><li class="footer-nav-item"><a class="footer-nav-link" href="https://discourse.mozilla.org/c/mdn/236" target="_blank" rel="noopener noreferrer">MDN Forum</a></li><li class="footer-nav-item"><a class="footer-nav-link" href="/discord" target="_blank" rel="noopener noreferrer">MDN Chat</a></li></ul></div><div class="page-footer-nav-col-4"><h2 class="footer-nav-heading">Developers</h2><ul class="footer-nav-list"><li class="footer-nav-item"><a class="footer-nav-link" href="/de/docs/Web">Web Technologies</a></li><li class="footer-nav-item"><a class="footer-nav-link" href="/de/docs/Learn">Learn Web Development</a></li><li class="footer-nav-item"><a class="footer-nav-link" href="/de/plus">MDN Plus</a></li><li class="footer-nav-item"><a href="https://hacks.mozilla.org/" target="_blank" rel="noopener noreferrer">Hacks Blog</a></li></ul></div><div class="page-footer-moz"><a href="https://www.mozilla.org/" class="footer-moz-logo-link" target="_blank" rel="noopener noreferrer"><svg xmlns="http://www.w3.org/2000/svg" width="137" height="32" fill="none" viewBox="0 0 267.431 62.607"><path fill="currentColor" d="m13.913 23.056 5.33 25.356h2.195l5.33-25.356h14.267v38.976h-7.578V29.694h-2.194l-7.264 32.337h-7.343L9.418 29.694H7.223v32.337H-.354V23.056Zm47.137 9.123c9.12 0 14.423 5.385 14.423 15.214s-5.33 15.214-14.423 15.214c-9.12 0-14.423-5.385-14.423-15.214 0-9.855 5.304-15.214 14.423-15.214m0 24.363c4.285 0 6.428-2.196 6.428-7.032v-4.287c0-4.836-2.143-7.032-6.428-7.032s-6.428 2.196-6.428 7.032v4.287c0 4.836 2.143 7.032 6.428 7.032m18.473-.157 15.47-18.01h-15.26v-5.647h24.352v5.646L88.616 56.385h15.704v5.646H79.523Zm29.318-23.657h11.183V62.03h-7.578V38.375h-3.632v-5.646zm3.605-9.672h7.578v5.646h-7.578zm13.17 0h11.21v38.976h-7.578v-33.33h-3.632zm16.801 0H153.6v38.976h-7.577v-33.33h-3.632v-5.646zm29.03 9.123c4.442 0 7.394 2.143 8.231 5.881h2.194v-5.332h9.276v5.646h-3.632v18.011h3.632v5.646h-4.442c-3.135 0-4.834-1.699-4.834-4.836V56.7h-2.194c-.81 3.738-3.789 5.881-8.23 5.881-6.978 0-11.916-5.829-11.916-15.214 0-9.384 4.938-15.187 11.915-15.187m2.3 24.363c4.284 0 6.192-2.196 6.192-7.032v-4.287c0-4.836-1.908-7.032-6.193-7.032-4.18 0-6.193 2.196-6.193 7.032v4.287c0 4.836 2.012 7.032 6.193 7.032m48.34 5.489h-7.577V0h7.577zm6.585-29.643h32.165v-2.196l-21.295-7.634v-6.143l21.295-7.633V6.588h-25.345V0h32.165v12.522l-17.35 5.881V20.6l17.35 5.882v12.521h-38.985zm0-25.801h6.794v6.796h-6.794z"></path></svg></a><ul class="footer-moz-list"><li class="footer-moz-item"><a href="https://www.mozilla.org/privacy/websites/" class="footer-moz-link" target="_blank" rel="noopener noreferrer">Website Privacy Notice</a></li><li class="footer-moz-item"><a href="https://www.mozilla.org/privacy/websites/#cookies" class="footer-moz-link" target="_blank" rel="noopener noreferrer">Cookies</a></li><li class="footer-moz-item"><a href="https://www.mozilla.org/about/legal/terms/mozilla" class="footer-moz-link" target="_blank" rel="noopener noreferrer">Legal</a></li><li class="footer-moz-item"><a href="https://www.mozilla.org/about/governance/policies/participation/" class="footer-moz-link" target="_blank" rel="noopener noreferrer">Community Participation Guidelines</a></li></ul></div><div class="page-footer-legal"><p id="license" class="page-footer-legal-text">Visit <a href="https://www.mozilla.org" target="_blank" rel="noopener noreferrer">Mozilla Corporation’s</a> not-for-profit parent, the <a target="_blank" rel="noopener noreferrer" href="https://foundation.mozilla.org/">Mozilla Foundation</a>.<br/>Portions of this content are ©1998–2025 by individual mozilla.org contributors. Content available under <a href="/de/docs/MDN/Writing_guidelines/Attrib_copyright_license">a Creative Commons license</a>.</p></div></div></footer></div><script type="application/json" id="hydration">{"url":"/de/docs/Mozilla/Add-ons/WebExtensions/manifest.json/content_security_policy","doc":{"body":[{"type":"prose","value":{"id":null,"title":null,"isH3":false,"content":"<figure class=\"table-container\"><table class=\"fullwidth-table standard-table\">\n <tbody>\n <tr>\n <th scope=\"row\">Typ</th>\n <td><code>String</code></td>\n </tr>\n <tr>\n <th scope=\"row\">Verpflichtend</th>\n <td>Nein</td>\n </tr>\n <tr>\n <th scope=\"row\">Manifest-Version</th>\n <td>2 oder höher</td>\n </tr>\n <tr>\n <th scope=\"row\">Beispiel</th>\n <td>\n Manifest V2:\n <div class=\"code-example\"><div class=\"example-header\"><span class=\"language-name\">json</span></div><pre class=\"brush: json notranslate\"><code>\"content_security_policy\": \"default-src 'self'\"</code></pre></div>\n Manifest V3:\n <div class=\"code-example\"><div class=\"example-header\"><span class=\"language-name\">json</span></div><pre class=\"brush: json notranslate\"><code>\"content_security_policy\": {\n \"extension_pages\": \"default-src 'self'\"\n}</code></pre></div>\n </td>\n </tr>\n </tbody>\n</table></figure>\n<p>Erweiterungen haben standardmäßig eine Content Security Policy (CSP), die auf sie angewendet wird. Die Standardrichtlinie beschränkt die Quellen, von denen Erweiterungen Code laden können (wie z.B. <a href=\"/de/docs/Web/HTML/Element/script\"><code><script></code></a>-Ressourcen), und verbietet potenziell unsichere Praktiken wie die Verwendung von <a href=\"/de/docs/Web/JavaScript/Reference/Global_Objects/eval\"><code>eval()</code></a>. Weitere Informationen zu den Auswirkungen finden Sie unter <a href=\"/de/docs/Mozilla/Add-ons/WebExtensions/Content_Security_Policy#default_content_security_policy\">Standard-Content-Sicherheitsrichtlinie</a>.</p>\n<p>Sie können den Manifest-Schlüssel <code>\"content_security_policy\"</code> verwenden, um die Standardrichtlinie zu lockern oder zu verschärfen. Dieser Schlüssel wird in gleicher Weise wie der Content-Security-Policy HTTP-Header angegeben. Siehe <a href=\"/de/docs/Web/HTTP/CSP\">Verwendung der Content Security Policy</a> für eine allgemeine Beschreibung der CSP-Syntax.</p>\n<p>Beispielsweise können Sie diesen Schlüssel verwenden, um:</p>\n<ul>\n<li>Zulässige Quellen für andere Arten von Inhalten wie Bilder und Stylesheets mit der entsprechenden <a href=\"/de/docs/Web/HTTP/Headers/Content-Security-Policy\">Policy-Direktive</a> zu beschränken.</li>\n<li>Der Erweiterung zu ermöglichen, <a href=\"/de/docs/WebAssembly\">WebAssembly</a> zu nutzen, indem die Quelle <code>'wasm-unsafe-eval'</code> in die <code>script-src</code>-Direktive aufgenommen wird.</li>\n<li>Die Standard-<a href=\"/de/docs/Web/HTTP/Headers/Content-Security-Policy/script-src\"><code>script-src</code></a>-Richtlinien zu lockern (nur Manifest V2):\n<ul>\n<li>Der Erweiterung zu erlauben, Skripte außerhalb ihres Pakets zu laden, indem Sie deren URL in der <a href=\"/de/docs/Web/HTTP/Headers/Content-Security-Policy/script-src\"><code>script-src</code></a>-Direktive angeben.</li>\n<li>Der Erweiterung zu erlauben, Inline-Skripte auszuführen, indem Sie <a href=\"/de/docs/Web/HTTP/Headers/Content-Security-Policy/script-src#unsafe_inline_script\">den Hash des Skripts in der <code>script-src</code>-Direktive</a> angeben.</li>\n<li>Der Erweiterung zu erlauben, <code>eval()</code> und ähnliche Funktionen zu verwenden, indem <code>'unsafe-eval'</code> in die <a href=\"/de/docs/Web/HTTP/Headers/Content-Security-Policy/script-src\"><code>script-src</code></a>-Direktive eingeschlossen wird.</li>\n</ul>\n</li>\n</ul>\n<p>Es gibt Einschränkungen hinsichtlich der Richtlinie, die Sie mit diesem Manifest-Schlüssel angeben können:</p>\n<ul>\n<li>Die <a href=\"/de/docs/Web/HTTP/Headers/Content-Security-Policy/script-src\"><code>script-src</code></a>-Direktive muss mindestens das Schlüsselwort <code>'self'</code> enthalten und darf nur sichere Quellen umfassen. Der Satz der erlaubten sicheren Quellen unterscheidet sich zwischen Manifest V2 und Manifest V3.</li>\n<li>Die Richtlinie darf <a href=\"/de/docs/Web/HTTP/Headers/Content-Security-Policy/default-src\"><code>default-src</code></a> allein (ohne <a href=\"/de/docs/Web/HTTP/Headers/Content-Security-Policy/script-src\"><code>script-src</code></a>) enthalten, wenn deren Quellen die Anforderungen der <a href=\"/de/docs/Web/HTTP/Headers/Content-Security-Policy/script-src\"><code>script-src</code></a>-Direktive erfüllen.</li>\n<li>Das <a href=\"/de/docs/Web/HTTP/Headers/Content-Security-Policy/object-src\"><code>object-src</code></a>-Schlüsselwort kann erforderlich sein; siehe <a href=\"#object-src-direktive\">object-src-Direktive</a> für Details.</li>\n<li>Direktiven, die sich auf Code beziehen – <a href=\"/de/docs/Web/HTTP/Headers/Content-Security-Policy/script-src\"><code>script-src</code></a>, <a href=\"/de/docs/Web/HTTP/Headers/Content-Security-Policy/script-src-elem\"><code>script-src-elem</code></a>, <a href=\"/de/docs/Web/HTTP/Headers/Content-Security-Policy/worker-src\"><code>worker-src</code></a> und <a href=\"/de/docs/Web/HTTP/Headers/Content-Security-Policy/default-src\"><code>default-src</code></a> (wenn als Fallback verwendet) – teilen die gleichen Anforderungen an sichere Quellen. Es gibt keine Einschränkungen für CSP-Direktiven, die nicht skriptbezogene Inhalte abdecken, wie <a href=\"/de/docs/Web/HTTP/Headers/Content-Security-Policy/img-src\"><code>img-src</code></a>.</li>\n</ul>\n<p>In Manifest V3 sind alle CSP-Quellen, die sich auf externe oder nicht statische Inhalte beziehen, verboten. Die einzigen zulässigen Werte sind <code>'none'</code>, <code>'self'</code> und <code>'wasm-unsafe-eval'</code>.\nIn Manifest V2 wird eine Quelle für eine Skript-Direktive als sicher angesehen, wenn sie diese Kriterien erfüllt:</p>\n<ul>\n<li>Platzhalter-Hosts sind nicht zulässig, wie <code>\"script-src 'self' *\"</code>.</li>\n<li>Entfernte Quellen müssen <code>https:</code>-Schemata verwenden.</li>\n<li>Entfernte Quellen dürfen keine Platzhalter für Domains in der <a href=\"https://publicsuffix.org/list/\" class=\"external\" target=\"_blank\">öffentlichen Suffixliste</a> verwenden (also sind <code>*.co.uk</code> und <code>*.blogspot.com</code> nicht erlaubt, obwohl <code>*.foo.blogspot.com</code> zulässig ist).</li>\n<li>Alle Quellen müssen einen Host spezifizieren.</li>\n<li>Die einzigen erlaubten Schemata für Quellen sind <code>blob:</code>, <code>filesystem:</code>, <code>moz-extension:</code>, <code>https:</code> und <code>wss:</code>.</li>\n<li>Die einzigen erlaubten <a href=\"/de/docs/Web/HTTP/Headers/Content-Security-Policy#fetch_directive_syntax\">Schlüsselwörter</a> sind: <code>'none'</code>, <code>'self'</code>, <code>'unsafe-eval'</code> und <code>'wasm-unsafe-eval'</code>.</li>\n</ul>"}},{"type":"prose","value":{"id":"object-src-direktive","title":"object-src-Direktive","isH3":false,"content":"<p>Die <code><a href=\"/de/docs/Web/HTTP/Headers/Content-Security-Policy/object-src\"><code>object-src</code></a></code>-Direktive kann in einigen Browsern erforderlich sein, die veraltete <a href=\"/de/docs/Glossary/Plugin\">Plugins</a> unterstützen, und sollte bei Bedarf auf eine sichere Quelle wie <code>'none'</code> gesetzt werden. Dies kann bis 2022 für Browser notwendig sein.</p>\n<ul>\n<li>In Firefox ist <code>\"object-src\"</code> ab Firefox 106 optional. In früheren Versionen wird, wenn <code>\"object-src\"</code> nicht angegeben ist, <code>\"content_security_policy\"</code> ignoriert und die Standard-CSP verwendet.</li>\n<li>In Chrome ist <code>\"object-src\"</code> erforderlich. Wenn es fehlt oder als unsicher angesehen wird, wird der Standard (<code>\"object-src 'self'\"</code>) verwendet und eine Warnmeldung protokolliert.</li>\n<li>In Safari gibt es keine Anforderung für <code>\"object-src\"</code>.</li>\n</ul>\n<p>Siehe W3C WebExtensions Community Group <a href=\"https://github.com/w3c/webextensions/issues/204\" class=\"external\" target=\"_blank\">Issue 204</a>, um object-src aus der CSP zu entfernen, für weitere Informationen.</p>"}},{"type":"prose","value":{"id":"manifest_v2-syntax","title":"Manifest V2-Syntax","isH3":false,"content":"<p>In Manifest V2 gibt es eine Content Security Policy, die gegen den Schlüssel wie folgt angegeben wird:</p>\n<div class=\"code-example\"><div class=\"example-header\"><span class=\"language-name\">json</span></div><pre class=\"brush: json notranslate\"><code>\"content_security_policy\": \"default-src 'self'\"\n</code></pre></div>"}},{"type":"prose","value":{"id":"manifest_v3-syntax","title":"Manifest V3-Syntax","isH3":false,"content":"<p>In Manifest V3 ist der <code>content_security_policy</code>-Schlüssel ein Objekt, das beliebige dieser Eigenschaften haben kann, alle optional:</p>\n<figure class=\"table-container\"><table class=\"fullwidth-table standard-table\">\n <thead>\n <tr>\n <th scope=\"col\">Name</th>\n <th scope=\"col\">Typ</th>\n <th scope=\"col\">Beschreibung</th>\n </tr>\n </thead>\n <tbody>\n <tr>\n <td><code>extension_pages</code></td>\n <td><code>String</code></td>\n <td>\n Die Content Security Policy für Erweiterungsseiten. Die <code>script-src</code>- und <code>worker-src</code>-Direktiven dürfen nur diese Werte haben:\n <ul>\n <li><code>'self'</code></li>\n <li><code>'none'</code></li>\n <li><code>'wasm-unsafe-eval'</code></li>\n </ul>\n </td>\n </tr>\n <tr>\n <td><code>sandbox</code></td>\n <td><code>String</code></td>\n <td>\n Die Content Security Policy für sandboxed Erweiterungsseiten.\n </td>\n </tr>\n </tbody>\n</table></figure>"}},{"type":"prose","value":{"id":"beispiele","title":"Beispiele","isH3":false,"content":""}},{"type":"prose","value":{"id":"gültige_beispiele","title":"Gültige Beispiele","isH3":true,"content":"<div class=\"notecard note\">\n<p><strong>Hinweis:</strong>\nGültige Beispiele demonstrieren den korrekten Gebrauch von Schlüsseln in CSP.\nErweiterungen mit 'unsafe-eval', Remote-Skript, Blob oder externen Quellen in ihrer CSP sind jedoch gemäß den <a href=\"https://extensionworkshop.com/documentation/publish/add-on-policies/\" class=\"external\" target=\"_blank\">Add-on-Richtlinien</a> und aufgrund erheblicher Sicherheitsprobleme für Firefox-Erweiterungen nicht erlaubt.</p>\n</div>\n<div class=\"notecard note\">\n<p><strong>Hinweis:</strong>\nEinige Beispiele beinhalten die <code><a href=\"/de/docs/Web/HTTP/Headers/Content-Security-Policy/object-src\"><code>object-src</code></a></code>-Direktive, die Rückwärtskompatibilität für ältere Browserversionen bietet. Siehe <a href=\"#object-src-direktive\">object-src-Direktive</a> für weitere Details.</p>\n</div>\n<p>Erfordern, dass alle Arten von Inhalten mit der Erweiterung verpackt sein sollten:</p>\n<ul>\n<li>\n<p>Manifest V2</p>\n<div class=\"code-example\"><div class=\"example-header\"><span class=\"language-name\">json</span></div><pre class=\"brush: json notranslate\"><code>\"content_security_policy\": \"default-src 'self'\"\n</code></pre></div>\n</li>\n<li>\n<p>Manifest V3</p>\n<div class=\"code-example\"><div class=\"example-header\"><span class=\"language-name\">json</span></div><pre class=\"brush: json notranslate\"><code>\"content_security_policy\": {\n \"extension_pages\": \"default-src 'self'\"\n}\n</code></pre></div>\n</li>\n</ul>\n<p>Erlaube Remote-Skripte von \"<a href=\"https://example.com\" class=\"external\" target=\"_blank\">https://example.com</a>\":</p>\n<ul>\n<li>\n<p>Manifest V2</p>\n<div class=\"code-example\"><div class=\"example-header\"><span class=\"language-name\">json</span></div><pre class=\"brush: json notranslate\"><code>\"content_security_policy\": \"script-src 'self' https://example.com; object-src 'self'\"\n</code></pre></div>\n</li>\n<li>\n<p>Manifest V3 erlaubt keine externen URLs in <code>script-src</code> von <code>extension_pages</code>.</p>\n</li>\n</ul>\n<p>Erlaubt Remote-Skripte von jedem Subdomain von \"jquery.com\":</p>\n<ul>\n<li>\n<p>Manifest V2</p>\n<div class=\"code-example\"><div class=\"example-header\"><span class=\"language-name\">json</span></div><pre class=\"brush: json notranslate\"><code>\"content_security_policy\": \"script-src 'self' https://*.jquery.com; object-src 'self'\"\n</code></pre></div>\n</li>\n<li>\n<p>Manifest V3 erlaubt keine externen URLs in <code>script-src</code> von <code>extension_pages</code>.</p>\n</li>\n</ul>\n<p>Erlaube <a href=\"/de/docs/Mozilla/Add-ons/WebExtensions/Content_Security_Policy#eval%28%29_and_friends\"><code>eval()</code> und Freunde</a>:</p>\n<ul>\n<li>\n<p>Manifest V2</p>\n<div class=\"code-example\"><div class=\"example-header\"><span class=\"language-name\">json</span></div><pre class=\"brush: json notranslate\"><code>\"content_security_policy\": \"script-src 'self' 'unsafe-eval'; object-src 'self';\"\n</code></pre></div>\n</li>\n<li>\n<p>Manifest V3 erlaubt <code>'unsafe-eval'</code> nicht in <code>script-src</code>.</p>\n</li>\n</ul>\n<p>Erlaubt das Inline-Skript: <code>\"<script>alert('Hallo, Welt.');</script>\"</code>:</p>\n<ul>\n<li>\n<p>Manifest V2</p>\n<div class=\"code-example\"><div class=\"example-header\"><span class=\"language-name\">json</span></div><pre class=\"brush: json notranslate\"><code>\"content_security_policy\": \"script-src 'self' 'sha256-qznLcsROx4GACP2dm0UCKCzCG+HiZ1guq6ZZDob/Tng='; object-src 'self'\"\n</code></pre></div>\n</li>\n<li>\n<p>Manifest V3 erlaubt keine CSP-Hashes in <code>script-src</code> von <code>extension_pages</code>.</p>\n</li>\n</ul>\n<p>Halten Sie den Rest der Richtlinie bei, erfordern jedoch auch, dass Bilder mit der Erweiterung verpackt sind:</p>\n<ul>\n<li>\n<p>Manifest V2</p>\n<div class=\"code-example\"><div class=\"example-header\"><span class=\"language-name\">json</span></div><pre class=\"brush: json notranslate\"><code>\"content_security_policy\": \"script-src 'self'; object-src 'self'; img-src 'self'\"\n</code></pre></div>\n</li>\n<li>\n<p>Manifest V3</p>\n<div class=\"code-example\"><div class=\"example-header\"><span class=\"language-name\">json</span></div><pre class=\"brush: json notranslate\"><code>\"content_security_policy\": {\n \"extension_pages\": \"script-src 'self'; img-src 'self'\"\n}\n</code></pre></div>\n</li>\n</ul>\n<p>Aktivieren Sie die Nutzung von <a href=\"/de/docs/WebAssembly\">WebAssembly</a>:</p>\n<ul>\n<li>\n<p>Manifest V2</p>\n<p>Um die Rückwärtskompatibilität zu gewährleisten, können Manifest V2-Erweiterungen in Firefox WebAssembly ohne die Verwendung von <code>'wasm-unsafe-eval'</code> verwenden. Dieses Verhalten ist jedoch nicht garantiert. Siehe <a href=\"https://bugzil.la/1770909\" class=\"external\" target=\"_blank\">Firefox Bug 1770909</a>. Erweiterungen, die WebAssembly verwenden, werden daher ermutigt, <code>'wasm-unsafe-eval'</code> in ihrer CSP zu deklarieren. Siehe <a href=\"/de/docs/Mozilla/Add-ons/WebExtensions/Content_Security_Policy#webassembly\">WebAssembly</a> auf der Content Security Policy-Seite für weitere Informationen.</p>\n<div class=\"code-example\"><div class=\"example-header\"><span class=\"language-name\">json</span></div><pre class=\"brush: json notranslate\"><code>\"content_security_policy\": \"script-src 'self' 'wasm-unsafe-eval'\"\n</code></pre></div>\n</li>\n<li>\n<p>Manifest V3</p>\n<div class=\"code-example\"><div class=\"example-header\"><span class=\"language-name\">json</span></div><pre class=\"brush: json notranslate\"><code>\"content_security_policy\": {\n \"extension_pages\": \"script-src 'self' 'wasm-unsafe-eval'\"\n}\n</code></pre></div>\n</li>\n</ul>"}},{"type":"prose","value":{"id":"ungültige_beispiele","title":"Ungültige Beispiele","isH3":true,"content":"<p>Eine Richtlinie, die die <code>\"object-src\"</code>-Direktive weglässt:</p>\n<div class=\"code-example\"><div class=\"example-header\"><span class=\"language-name\">json</span></div><pre class=\"brush: json example-bad notranslate\"><code>\"content_security_policy\": \"script-src 'self' https://*.jquery.com;\"\n</code></pre></div>\n<p>Dies ist jedoch nur in Browsern ungültig, die veraltete <a href=\"/de/docs/Glossary/Plugin\">Plugins</a> unterstützen. Weitere Details siehe <a href=\"#object-src-direktive\">object-src-Direktive</a>.</p>\n<p>Eine Richtlinie, die das <code>\"self\"</code>-Schlüsselwort in der <code>\"script-src\"</code>-Direktive weglässt:</p>\n<div class=\"code-example\"><div class=\"example-header\"><span class=\"language-name\">json</span></div><pre class=\"brush: json example-bad notranslate\"><code>\"content_security_policy\": \"script-src https://*.jquery.com; object-src 'self'\"\n</code></pre></div>\n<p>Das Schema für eine entfernte Quelle ist nicht <code>https</code>:</p>\n<div class=\"code-example\"><div class=\"example-header\"><span class=\"language-name\">json</span></div><pre class=\"brush: json example-bad notranslate\"><code>\"content_security_policy\": \"script-src 'self' http://code.jquery.com; object-src 'self'\"\n</code></pre></div>\n<p>Es wird ein Platzhalter mit einer generischen Domain verwendet:</p>\n<div class=\"code-example\"><div class=\"example-header\"><span class=\"language-name\">json</span></div><pre class=\"brush: json example-bad notranslate\"><code>\"content_security_policy\": \"script-src 'self' https://*.blogspot.com; object-src 'self'\"\n</code></pre></div>\n<p>Quelle gibt ein Schema an, aber keinen Host:</p>\n<div class=\"code-example\"><div class=\"example-header\"><span class=\"language-name\">json</span></div><pre class=\"brush: json example-bad notranslate\"><code>\"content_security_policy\": \"script-src 'self' https:; object-src 'self'\"\n</code></pre></div>\n<p>Direktive enthält das nicht unterstützte Schlüsselwort <code>'unsafe-inline'</code>:</p>\n<div class=\"code-example\"><div class=\"example-header\"><span class=\"language-name\">json</span></div><pre class=\"brush: json example-bad notranslate\"><code>\"content_security_policy\": \"script-src 'self' 'unsafe-inline'; object-src 'self'\"\n</code></pre></div>"}},{"type":"browser_compatibility","value":{"id":"browser-kompatibilität","title":"Browser-Kompatibilität","isH3":false,"query":"webextensions.manifest.content_security_policy"}}],"isActive":true,"isMarkdown":true,"isTranslated":true,"locale":"de","mdn_url":"/de/docs/Mozilla/Add-ons/WebExtensions/manifest.json/content_security_policy","modified":"2025-02-17T00:20:27.000Z","native":"Deutsch","noIndexing":false,"other_translations":[{"locale":"en-US","title":"content_security_policy","native":"English (US)"},{"locale":"fr","title":"content_security_policy","native":"Français"},{"locale":"ja","title":"content_security_policy","native":"日本語"},{"locale":"ru","title":"content_security_policy","native":"Русский"}],"pageTitle":"content_security_policy - Mozilla | MDN","parents":[{"uri":"/de/docs/Mozilla","title":"Mozilla"},{"uri":"/de/docs/Mozilla/Add-ons","title":"Add-ons"},{"uri":"/de/docs/Mozilla/Add-ons/WebExtensions","title":"Browsererweiterungen"},{"uri":"/de/docs/Mozilla/Add-ons/WebExtensions/manifest.json","title":"manifest.json"},{"uri":"/de/docs/Mozilla/Add-ons/WebExtensions/manifest.json/content_security_policy","title":"content_security_policy"}],"popularity":null,"short_title":"content_security_policy","sidebarHTML":"<ol><li class=\"section\"><a href=\"/de/docs/Mozilla/Add-ons/WebExtensions\">Browsererweiterungen</a></li><li class=\"toggle\"><details><summary>Erste Schritte</summary><ol><li><a href=\"/de/docs/Mozilla/Add-ons/WebExtensions/What_are_WebExtensions\">Was sind Erweiterungen?</a></li><li><a href=\"/de/docs/Mozilla/Add-ons/WebExtensions/Your_first_WebExtension\">Ihre erste Erweiterung</a></li><li><a href=\"/de/docs/Mozilla/Add-ons/WebExtensions/Your_second_WebExtension\">Ihre zweite Erweiterung</a></li><li><a href=\"/de/docs/Mozilla/Add-ons/WebExtensions/Anatomy_of_a_WebExtension\">Anatomie einer Erweiterung</a></li><li><a href=\"/de/docs/Mozilla/Add-ons/WebExtensions/Examples\">Beispielerweiterungen</a></li><li><a href=\"/de/docs/Mozilla/Add-ons/WebExtensions/What_next\">Was nun?</a></li></ol></details></li><li class=\"toggle\"><details><summary>Konzepte</summary><ol><li><a href=\"/de/docs/Mozilla/Add-ons/WebExtensions/API\">JavaScript-APIs</a></li><li><a href=\"/de/docs/Mozilla/Add-ons/WebExtensions/Content_scripts\">Inhaltsskripte</a></li><li><a href=\"/de/docs/Mozilla/Add-ons/WebExtensions/Background_scripts\">Hintergrundskripte</a></li><li><a href=\"/de/docs/Mozilla/Add-ons/WebExtensions/Match_patterns\">Match patterns</a></li><li><a href=\"/de/docs/Mozilla/Add-ons/WebExtensions/Working_with_files\">Arbeiten mit Dateien</a></li><li><a href=\"/de/docs/Mozilla/Add-ons/WebExtensions/Internationalization\">Internationalisierung</a></li><li><a href=\"/de/docs/Mozilla/Add-ons/WebExtensions/Content_Security_Policy\">Content Security Policy</a></li><li><a href=\"/de/docs/Mozilla/Add-ons/WebExtensions/Native_messaging\">Native Messaging</a></li><li><a href=\"/de/docs/Mozilla/Add-ons/WebExtensions/Differences_between_API_implementations\">Unterschiede zwischen API-Implementierungen</a></li><li><a href=\"/de/docs/Mozilla/Add-ons/WebExtensions/Chrome_incompatibilities\">Chrome-Inkompatibilitäten</a></li></ol></details></li><li class=\"toggle\"><details><summary>Benutzeroberfläche</summary><ol><li><a href=\"/de/docs/Mozilla/Add-ons/WebExtensions/user_interface\">Benutzeroberfläche</a></li><li><a href=\"/de/docs/Mozilla/Add-ons/WebExtensions/user_interface/Toolbar_button\">Toolbar-Button</a></li><li><a href=\"/de/docs/Mozilla/Add-ons/WebExtensions/user_interface/Page_actions\">Adressleisten-Schaltfläche</a></li><li><a href=\"/de/docs/Mozilla/Add-ons/WebExtensions/user_interface/Sidebars\">Seitenleisten</a></li><li><a href=\"/de/docs/Mozilla/Add-ons/WebExtensions/user_interface/Context_menu_items\">Kontextmenüelemente</a></li><li><a href=\"/de/docs/Mozilla/Add-ons/WebExtensions/user_interface/Options_pages\">Options page</a></li><li><a href=\"/de/docs/Mozilla/Add-ons/WebExtensions/user_interface/Extension_pages\">Erweiterungsseiten</a></li><li><a href=\"/de/docs/Mozilla/Add-ons/WebExtensions/user_interface/Notifications\">Notifications</a></li><li><a href=\"/de/docs/Mozilla/Add-ons/WebExtensions/user_interface/Omnibox\">Address bar suggestions</a></li><li><a href=\"/de/docs/Mozilla/Add-ons/WebExtensions/user_interface/devtools_panels\">devtools panels</a></li></ol></details></li><li class=\"toggle\"><details><summary>Anleitungen</summary><ol><li><a href=\"/de/docs/Mozilla/Add-ons/WebExtensions/Intercept_HTTP_requests\">HTTP-Anfragen abfangen</a></li><li><a href=\"/de/docs/Mozilla/Add-ons/WebExtensions/Modify_a_web_page\">Eine Webseite modifizieren</a></li><li><a href=\"/de/docs/Mozilla/Add-ons/WebExtensions/Safely_inserting_external_content_into_a_page\">Externe Inhalte einfügen</a></li><li><a href=\"/de/docs/Mozilla/Add-ons/WebExtensions/Sharing_objects_with_page_scripts\">Objekte mit Seitenskripts teilen</a></li><li><a href=\"/de/docs/Mozilla/Add-ons/WebExtensions/Add_a_button_to_the_toolbar\">Einen Button zur Toolbar hinzufügen</a></li><li><a href=\"/de/docs/Mozilla/Add-ons/WebExtensions/Implement_a_settings_page\">Implementieren einer Einstellungsseite</a></li><li><a href=\"/de/docs/Mozilla/Add-ons/WebExtensions/Working_with_the_Tabs_API\">Arbeiten mit der Tabs-API</a></li><li><a href=\"/de/docs/Mozilla/Add-ons/WebExtensions/Work_with_the_Bookmarks_API\">Arbeiten mit der Bookmarks API</a></li><li><a href=\"/de/docs/Mozilla/Add-ons/WebExtensions/Work_with_the_Cookies_API\">Arbeiten mit der Cookies-API</a></li><li><a href=\"/de/docs/Mozilla/Add-ons/WebExtensions/Work_with_contextual_identities\">Arbeiten mit kontextbezogenen Identitäten</a></li><li><a href=\"/de/docs/Mozilla/Add-ons/WebExtensions/Interact_with_the_clipboard\">Interagieren mit der Zwischenablage</a></li><li><a href=\"/de/docs/Mozilla/Add-ons/WebExtensions/Extending_the_developer_tools\">Erweiterung der Entwicklerwerkzeuge</a></li><li><a href=\"/de/docs/Mozilla/Add-ons/WebExtensions/Build_a_cross_browser_extension\">Erstellen Sie eine plattformübergreifende Browser-Erweiterung</a></li></ol></details></li><li class=\"toggle\"><details><summary>JavaScript-APIs</summary><ol><li><a href=\"/de/docs/Mozilla/Add-ons/WebExtensions/Browser_support_for_JavaScript_APIs\">Browser-Kompatibilität für JavaScript-APIs</a></li><li><a href=\"/de/docs/Mozilla/Add-ons/WebExtensions/API/action\">action</a></li><li><a href=\"/de/docs/Mozilla/Add-ons/WebExtensions/API/alarms\">alarms</a></li><li><a href=\"/de/docs/Mozilla/Add-ons/WebExtensions/API/bookmarks\">bookmarks</a></li><li><a href=\"/de/docs/Mozilla/Add-ons/WebExtensions/API/browserAction\">browserAction</a></li><li><a href=\"/de/docs/Mozilla/Add-ons/WebExtensions/API/browserSettings\">browserSettings</a></li><li><a href=\"/de/docs/Mozilla/Add-ons/WebExtensions/API/browsingData\">browsingData</a></li><li><a href=\"/de/docs/Mozilla/Add-ons/WebExtensions/API/captivePortal\">captivePortal</a></li><li><a href=\"/de/docs/Mozilla/Add-ons/WebExtensions/API/clipboard\">clipboard</a></li><li><a href=\"/de/docs/Mozilla/Add-ons/WebExtensions/API/commands\">commands</a></li><li><a href=\"/de/docs/Mozilla/Add-ons/WebExtensions/API/contentScripts\">contentScripts</a></li><li><a href=\"/de/docs/Mozilla/Add-ons/WebExtensions/API/contextualIdentities\">contextualIdentities</a></li><li><a href=\"/de/docs/Mozilla/Add-ons/WebExtensions/API/cookies\">cookies</a></li><li><a href=\"/de/docs/Mozilla/Add-ons/WebExtensions/API/declarativeNetRequest\">declarativeNetRequest</a></li><li><a href=\"/de/docs/Mozilla/Add-ons/WebExtensions/API/devtools\">devtools</a></li><li><a href=\"/de/docs/Mozilla/Add-ons/WebExtensions/API/dns\">dns</a></li><li><a href=\"/de/docs/Mozilla/Add-ons/WebExtensions/API/dom\">dom</a></li><li><a href=\"/de/docs/Mozilla/Add-ons/WebExtensions/API/downloads\">downloads</a></li><li><a href=\"/de/docs/Mozilla/Add-ons/WebExtensions/API/events\">events</a></li><li><a href=\"/de/docs/Mozilla/Add-ons/WebExtensions/API/extension\">extension</a></li><li><a href=\"/de/docs/Mozilla/Add-ons/WebExtensions/API/extensionTypes\">extensionTypes</a></li><li><a href=\"/de/docs/Mozilla/Add-ons/WebExtensions/API/find\">find</a></li><li><a href=\"/de/docs/Mozilla/Add-ons/WebExtensions/API/history\">history</a></li><li><a href=\"/de/docs/Mozilla/Add-ons/WebExtensions/API/i18n\">i18n</a></li><li><a href=\"/de/docs/Mozilla/Add-ons/WebExtensions/API/identity\">identity</a></li><li><a href=\"/de/docs/Mozilla/Add-ons/WebExtensions/API/idle\">idle</a></li><li><a href=\"/de/docs/Mozilla/Add-ons/WebExtensions/API/management\">management</a></li><li><a href=\"/de/docs/Mozilla/Add-ons/WebExtensions/API/menus\">menus</a></li><li><a href=\"/de/docs/Mozilla/Add-ons/WebExtensions/API/notifications\">notifications</a></li><li><a href=\"/de/docs/Mozilla/Add-ons/WebExtensions/API/omnibox\">omnibox</a></li><li><a href=\"/de/docs/Mozilla/Add-ons/WebExtensions/API/pageAction\">pageAction</a></li><li><a href=\"/de/docs/Mozilla/Add-ons/WebExtensions/API/permissions\">permissions</a></li><li><a href=\"/de/docs/Mozilla/Add-ons/WebExtensions/API/pkcs11\">pkcs11</a></li><li><a href=\"/de/docs/Mozilla/Add-ons/WebExtensions/API/privacy\">privacy</a></li><li><a href=\"/de/docs/Mozilla/Add-ons/WebExtensions/API/proxy\">proxy</a></li><li><a href=\"/de/docs/Mozilla/Add-ons/WebExtensions/API/runtime\">runtime</a></li><li><a href=\"/de/docs/Mozilla/Add-ons/WebExtensions/API/scripting\">scripting</a></li><li><a href=\"/de/docs/Mozilla/Add-ons/WebExtensions/API/search\">search</a></li><li><a href=\"/de/docs/Mozilla/Add-ons/WebExtensions/API/sessions\">sessions</a></li><li><a href=\"/de/docs/Mozilla/Add-ons/WebExtensions/API/sidebarAction\">sidebarAction</a></li><li><a href=\"/de/docs/Mozilla/Add-ons/WebExtensions/API/storage\">storage</a></li><li><a href=\"/de/docs/Mozilla/Add-ons/WebExtensions/API/tabs\">tabs</a></li><li><a href=\"/de/docs/Mozilla/Add-ons/WebExtensions/API/theme\">theme</a></li><li><a href=\"/de/docs/Mozilla/Add-ons/WebExtensions/API/topSites\">topSites</a></li><li><a href=\"/de/docs/Mozilla/Add-ons/WebExtensions/API/types\">types</a></li><li><a href=\"/de/docs/Mozilla/Add-ons/WebExtensions/API/userScripts\">userScripts</a></li><li><a href=\"/de/docs/Mozilla/Add-ons/WebExtensions/API/webNavigation\">webNavigation</a></li><li><a href=\"/de/docs/Mozilla/Add-ons/WebExtensions/API/webRequest\">webRequest</a></li><li><a href=\"/de/docs/Mozilla/Add-ons/WebExtensions/API/windows\">windows</a></li></ol></details></li><li class=\"toggle\"><details open=\"\"><summary>Manifest-Schlüssel</summary><ol><li><a href=\"/de/docs/Mozilla/Add-ons/WebExtensions/manifest.json/action\">action</a></li><li><a href=\"/de/docs/Mozilla/Add-ons/WebExtensions/manifest.json/author\">author</a></li><li><a href=\"/de/docs/Mozilla/Add-ons/WebExtensions/manifest.json/background\">background</a></li><li><a href=\"/de/docs/Mozilla/Add-ons/WebExtensions/manifest.json/browser_action\">browser_action</a></li><li><a href=\"/de/docs/Mozilla/Add-ons/WebExtensions/manifest.json/browser_specific_settings\">browser_specific_settings</a></li><li><a href=\"/de/docs/Mozilla/Add-ons/WebExtensions/manifest.json/chrome_settings_overrides\">chrome_settings_overrides</a></li><li><a href=\"/de/docs/Mozilla/Add-ons/WebExtensions/manifest.json/chrome_url_overrides\">chrome_url_overrides</a></li><li><a href=\"/de/docs/Mozilla/Add-ons/WebExtensions/manifest.json/commands\">commands</a></li><li><a href=\"/de/docs/Mozilla/Add-ons/WebExtensions/manifest.json/content_scripts\">content_scripts</a></li><li><em><a href=\"/de/docs/Mozilla/Add-ons/WebExtensions/manifest.json/content_security_policy\" aria-current=\"page\">content_security_policy</a></em></li><li><a href=\"/de/docs/Mozilla/Add-ons/WebExtensions/manifest.json/declarative_net_request\">declarative_net_request</a></li><li><a href=\"/de/docs/Mozilla/Add-ons/WebExtensions/manifest.json/default_locale\">default_locale</a></li><li><a href=\"/de/docs/Mozilla/Add-ons/WebExtensions/manifest.json/description\">description</a></li><li><a href=\"/de/docs/Mozilla/Add-ons/WebExtensions/manifest.json/developer\">developer</a></li><li><a href=\"/de/docs/Mozilla/Add-ons/WebExtensions/manifest.json/devtools_page\">devtools_page</a></li><li><a href=\"/de/docs/Mozilla/Add-ons/WebExtensions/manifest.json/dictionaries\">dictionaries</a></li><li><a href=\"/de/docs/Mozilla/Add-ons/WebExtensions/manifest.json/externally_connectable\">externally_connectable</a></li><li><a href=\"/de/docs/Mozilla/Add-ons/WebExtensions/manifest.json/homepage_url\">homepage_url</a></li><li><a href=\"/de/docs/Mozilla/Add-ons/WebExtensions/manifest.json/host_permissions\">host_permissions</a></li><li><a href=\"/de/docs/Mozilla/Add-ons/WebExtensions/manifest.json/icons\">icons</a></li><li><a href=\"/de/docs/Mozilla/Add-ons/WebExtensions/manifest.json/incognito\">incognito</a></li><li><a href=\"/de/docs/Mozilla/Add-ons/WebExtensions/manifest.json/manifest_version\">manifest_version</a></li><li><a href=\"/de/docs/Mozilla/Add-ons/WebExtensions/manifest.json/name\">name</a></li><li><a href=\"/de/docs/Mozilla/Add-ons/WebExtensions/manifest.json/offline_enabled\">offline_enabled</a><abbr class=\"icon icon-deprecated\" title=\"Veraltet. Nicht empfohlen für neue Webseiten.\">\n<span class=\"visually-hidden\">Veraltet</span>\n</abbr></li><li><a href=\"/de/docs/Mozilla/Add-ons/WebExtensions/manifest.json/omnibox\">omnibox</a></li><li><a href=\"/de/docs/Mozilla/Add-ons/WebExtensions/manifest.json/optional_host_permissions\">optional_host_permissions</a></li><li><a href=\"/de/docs/Mozilla/Add-ons/WebExtensions/manifest.json/optional_permissions\">optional_permissions</a></li><li><a href=\"/de/docs/Mozilla/Add-ons/WebExtensions/manifest.json/options_page\">options_page</a><abbr class=\"icon icon-deprecated\" title=\"Veraltet. Nicht empfohlen für neue Webseiten.\">\n<span class=\"visually-hidden\">Veraltet</span>\n</abbr></li><li><a href=\"/de/docs/Mozilla/Add-ons/WebExtensions/manifest.json/options_ui\">options_ui</a></li><li><a href=\"/de/docs/Mozilla/Add-ons/WebExtensions/manifest.json/page_action\">page_action</a></li><li><a href=\"/de/docs/Mozilla/Add-ons/WebExtensions/manifest.json/permissions\">permissions</a></li><li><a href=\"/de/docs/Mozilla/Add-ons/WebExtensions/manifest.json/protocol_handlers\">protocol_handlers</a></li><li><a href=\"/de/docs/Mozilla/Add-ons/WebExtensions/manifest.json/short_name\">short_name</a></li><li><a href=\"/de/docs/Mozilla/Add-ons/WebExtensions/manifest.json/sidebar_action\">sidebar_action</a></li><li><a href=\"/de/docs/Mozilla/Add-ons/WebExtensions/manifest.json/storage\">storage</a></li><li><a href=\"/de/docs/Mozilla/Add-ons/WebExtensions/manifest.json/theme\">theme</a></li><li><a href=\"/de/docs/Mozilla/Add-ons/WebExtensions/manifest.json/theme_experiment\">theme_experiment</a></li><li><a href=\"/de/docs/Mozilla/Add-ons/WebExtensions/manifest.json/user_scripts\">user_scripts</a></li><li><a href=\"/de/docs/Mozilla/Add-ons/WebExtensions/manifest.json/version\">version</a></li><li><a href=\"/de/docs/Mozilla/Add-ons/WebExtensions/manifest.json/version_name\">version_name</a></li><li><a href=\"/de/docs/Mozilla/Add-ons/WebExtensions/manifest.json/web_accessible_resources\">web_accessible_resources</a></li></ol></details></li><li class=\"toggle\"><details><summary>Erweiterungs-Workshop</summary><ol><li><a href=\"https://extensionworkshop.com/documentation/develop/\" class=\"external\" target=\"_blank\">Entwickeln</a></li><li><a href=\"https://extensionworkshop.com/documentation/publish/\" class=\"external\" target=\"_blank\">Veröffentlichen</a></li><li><a href=\"https://extensionworkshop.com/documentation/manage/\" class=\"external\" target=\"_blank\">Verwalten</a></li><li><a href=\"https://extensionworkshop.com/documentation/enterprise/\" class=\"external\" target=\"_blank\">Unternehmen</a></li></ol></details></li><li class=\"section\"><a href=\"/de/docs/Mozilla/Add-ons/Contact_us\">Kontaktieren Sie uns</a></li><li class=\"toggle\"><details><summary>Kanäle</summary><ol><li><a href=\"https://blog.mozilla.org/addons\" class=\"external\" target=\"_blank\">Add-ons Blog</a></li><li><a href=\"https://discourse.mozilla.org/c/add-ons\" class=\"external\" target=\"_blank\">Add-ons Forum</a></li><li><a href=\"https://chat.mozilla.org/#/room/%23addons:mozilla.org\" class=\"external\" target=\"_blank\">Add-ons Chat</a></li></ol></details></li></ol>","source":{"folder":"de/mozilla/add-ons/webextensions/manifest.json/content_security_policy","github_url":"https://github.com/mdn/translated-content-de/blob/main/files/de/mozilla/add-ons/webextensions/manifest.json/content_security_policy/index.md","last_commit_url":"https://github.com/mdn/translated-content-de/commit/452fe502cfb4c9a91c346af17370ecfb6a8bd17e","filename":"index.md"},"summary":"Erweiterungen haben standardmäßig eine Content Security Policy (CSP), die auf sie angewendet wird. Die Standardrichtlinie beschränkt die Quellen, von denen Erweiterungen Code laden können (wie z.B. \u003cscript>-Ressourcen), und verbietet potenziell unsichere Praktiken wie die Verwendung von eval(). Weitere Informationen zu den Auswirkungen finden Sie unter Standard-Content-Sicherheitsrichtlinie.","title":"content_security_policy","toc":[{"text":"object-src-Direktive","id":"object-src-direktive"},{"text":"Manifest V2-Syntax","id":"manifest_v2-syntax"},{"text":"Manifest V3-Syntax","id":"manifest_v3-syntax"},{"text":"Beispiele","id":"beispiele"},{"text":"Browser-Kompatibilität","id":"browser-kompatibilität"}],"browserCompat":["webextensions.manifest.content_security_policy"],"pageType":"webextension-manifest-key"}}</script></body></html>