HTML Guide

Content-Security-Policy HTTP header: Bad content security policy

The HTTP Content-Security-Policy response header allows web site administrators to control resources the user agent is allowed to load for a given page. With a few exceptions, policies mostly involve specifying server origins and script endpoints. This helps guard against cross-site scripting attacks.

Learn more:

Related W3C validator issues

The “headers” attribute on the element “td” refers to the ID X, but there is no “th” element with that ID in the same table.

A td element’s headers attribute must reference the ID of a th element within the same table.

The headers attribute is used to define explicit associations between data cells (td) and header cells (th) by referencing header cell IDs. For valid markup, every ID referenced in the headers attribute must exist as a th element’s id within the same table. This helps users—especially those using assistive technology—understand which header(s) apply to each data cell.

For example, if a td references headers="table_header_1", there must be a th id="table_header_1" present. If it’s missing or mistyped, you’ll get the validator error you described.

Correct pattern:

<table>
  <tr>
    <th id="table_header_1">Header 1</th>
    <th id="table_header_2">Header 2</th>
  </tr>
  <tr>
    <td headers="table_header_1">Row 2, Column 1</td>
    <td headers="table_header_2">Row 2, Column 2</td>
  </tr>
</table>

Incorrect pattern (missing th ID):

<table>
  <tr>
    <th>Header 1</th>
    <th id="table_header_2">Header 2</th>
  </tr>
  <tr>
    <td headers="table_header_1">Row 2, Column 1</td>
    <td headers="table_header_2">Row 2, Column 2</td>
  </tr>
</table>

To resolve the error, ensure every value in a td‘s headers attribute matches the id of a th element in the same table.