Content Security Policy Level 2

- CR

Mitigate cross-site scripting attacks by whitelisting allowed sources of script, style, and other resources. CSP 2 adds hash-source, nonce-source, and five new directives

IE

  1. 5.5 - 10: Not supported
  2. 11: Not supported

Edge

  1. 12 - 14: Not supported
  2. 15 - 18: Partial support
  3. 79: Supported
  4. 80: Supported

Firefox

  1. 2 - 30: Not supported
  2. 31 - 34: Partial support
  3. 35: Partial support
  4. 36 - 44: Partial support
  5. 45 - 72: Partial support
  6. 73: Partial support
  7. 74 - 75: Partial support

Chrome

  1. 4 - 35: Not supported
  2. 36 - 38: Partial support
  3. 39: Partial support
  4. 40 - 79: Supported
  5. 80: Supported
  6. 81 - 83: Supported

Safari

  1. 3.1 - 9.1: Not supported
  2. 10 - 12.1: Supported
  3. 13: Supported
  4. TP: Supported

Opera

  1. 9 - 22: Not supported
  2. 23 - 25: Partial support
  3. 26: Partial support
  4. 27 - 65: Supported
  5. 66: Supported

iOS Safari

  1. 3.2 - 9.3: Not supported
  2. 10 - 13.1: Supported
  3. 13.2: Supported
  4. 13.3: Supported

Opera Mini

  1. all: Not supported

Android Browser

  1. 2.1 - 4.4.4: Not supported
  2. 80: Supported

Blackberry Browser

  1. 7: Not supported
  2. 10: Not supported

Opera Mobile

  1. 10 - 12.1: Not supported
  2. 46: Supported

Chrome for Android

  1. 80: Supported

Firefox for Android

  1. 68: Partial support

IE Mobile

  1. 10: Not supported
  2. 11: Not supported

UC Browser for Android

  1. 12.12: Not supported

Samsung Internet

  1. 4 - 9.2: Supported
  2. 10.1: Supported

QQ Browser

  1. 1.2: Supported

Baidu Browser

  1. 7.12: Supported

KaiOS Browser

  1. 2.5: Partial support
Resources:
MDN Web Docs - Content Security Policy
HTML5Rocks article