S. V. Acker, D. Hausknecht, and A. Sabelfeld, Data Exfiltration in the Face of CSP, Proceedings of the 11th ACM on Asia Conference on Computer and Communications Security, pp.853-864, 2016.

S. Calzavara, A. Rabitti, and M. Bugliesi, Content Security Problems?, Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security, CCS'16, pp.1365-1375
DOI : 10.1007/978-3-319-11379-1_11

A. Doupé, W. Cui, M. H. Jakubowski, M. Peinado, C. Kruegel et al., deDacota, Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security, CCS '13, pp.1205-1216, 2013.
DOI : 10.1145/2508859.2516708

D. Hausknecht, J. Magazinius, and A. Sabelfeld, May I? - Content Security Policy Endorsement for Browser Extensions, Detection of Intrusions and Malware, and Vulnerability Assessment -12th International Conference Proceedings, volume 9148 of Lecture Notes in Computer Science, pp.261-281, 2015.
DOI : 10.1007/978-3-319-20550-2_14

URL : http://www.cse.chalmers.se/%7Eandrei/dimva15.pdf

C. Jackson and A. Barth, Beware of Finer-Grained Origins, Web 2.0 Security and Privacy, 2008.
DOI : 10.1007/978-1-349-13729-9_23

A. Javed, CSP Aider: An Automated Recommendation of Content Security Policy for Web Applications, IEEE Oakland Web 2.0 Security and Privacy (W2SP'12), 2012.

M. Johns, PreparedJS: Secure Script-Templates for JavaScript, Detection of Intrusions and Malware, and Vulnerability Assessment -10th International Conference, DIMVA 2013 Proceedings, pp.102-121, 2013.
DOI : 10.1007/978-3-642-39235-1_6

C. Kerschbaumer, S. Stamm, and S. Brunthaler, Injecting CSP for Fun and Security, Proceedings of the 2nd International Conference on Information Systems Security and Privacy, pp.15-25, 2016.
DOI : 10.5220/0005650100150025

X. Pan, Y. Cao, S. Liu, Y. Zhou, Y. Chen et al., CSPAutoGen, Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security, CCS'16, pp.653-665
DOI : 10.1145/1542476.1542486

K. Patil and B. Frederik, A Measurement Study of the Content Security Policy on Real-World Applications. I, 15] N. Perriault. CasperJS navigation and scripting tool for PhantomJS, pp.383-392, 2016.

G. Rydstedt, E. Bursztein, D. Boneh, and C. Jackson, Busting frame busting: a study of clickjacking vulnerabilities at popular sites, IEEE Oakland Web 2.0 Security and Privacy, 2010.

K. Singh, A. Moshchuk, H. J. Wang, and W. Lee, On the Incoherencies in Web Browser Access Control Policies, 2010 IEEE Symposium on Security and Privacy, pp.463-478, 2010.
DOI : 10.1109/SP.2010.35

D. F. Some, N. Bielova, and T. Rezk, On the Content Security Policy Violations due to the Same-Origin Policy, Proceedings of the 26th International Conference on World Wide Web, WWW '17
DOI : 10.1109/MC.2016.76

URL : https://hal.archives-ouvertes.fr/hal-01649526

S. Stamm, B. Sterne, and G. Markham, Reining in the web with content security policy, Proceedings of the 19th international conference on World wide web, WWW '10, pp.921-930, 2010.
DOI : 10.1145/1772690.1772784

N. Swamy, C. Fournet, A. Rastogi, K. Bhargavan, J. Chen et al., Gradual typing embedded securely in JavaScript, Proceedings of the 41st ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages, POPL '14, pp.425-438, 2014.
DOI : 10.1145/2535838.2535889

URL : https://hal.archives-ouvertes.fr/hal-00940836

A. Van-kesteren, Cross Origin Resource Sharing, W3C Recommendation, 2014.

L. Weichselbaum, M. Spagnuolo, S. Lekies, and A. Janc, CSP Is Dead, Long Live CSP! On the Insecurity of Whitelists and the Future of Content Security Policy, Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security, CCS'16, pp.1376-1387
DOI : 10.1145/1368088.1368112

M. Weissbacher, T. Lauinger, and W. K. Robertson, Why Is CSP Failing? Trends and Challenges in CSP Adoption, Research in Attacks, Intrusions and Defenses -17th International Symposium, RAID 2014. Proceedings, pp.212-233, 2014.
DOI : 10.1007/978-3-319-11379-1_11

URL : http://seclab.ccs.neu.edu/static/publications/raid2014csp.pdf

M. West, Content Security Policy: Embedded Enforcement, 2016.

M. West, Content Security Policy Level 3, W3C Working Draft, 2016.

M. West, Origin Policy. A Collection of Interesting Ideas, 2016.

M. West and I. Grigorik, Feature Policy, W3C Draft Community Group Report, 2016.

I. Yusof and A. K. Pathan, Mitigating Cross-Site Scripting Attacks with a Content Security Policy, Computer, vol.49, issue.3, pp.56-63, 2016.
DOI : 10.1109/MC.2016.76