CSP provides a standard method for website owners to declare approved origins of content that browsers should be allowed to load on that website
| Websites using header Content-Security-Policy | 2,311,499 |
| Percentage of websites that use Content-Security-Policy header | 4.31% |
| Total discovered header values | 293,459 |
| Header uses directives | Yes |
| Header values are unique or random | No |
| Most popular in the country | 
United States of America
|
| Directive | Share | Websites count | Unique Values |
|---|---|---|---|
| upgrade-insecure-requests | 17.19% | 397,238 | 26 |
| block-all-mixed-content | 6.75% | 156,001 | 29 |
| frame-ancestors | <0.1% | 497 | 3 |
| default-src | <0.1% | 266 | 6 |
| base-uri | <0.1% | 78 | 2 |
| report-uri | <0.1% | 44 | 3 |
| object-src | <0.1% | 35 | 2 |
| sandbox | <0.1% | 30 | 1 |
| media-src | <0.1% | 18 | 1 |
| frame-src | <0.1% | 17 | 2 |
| child-src | <0.1% | 16 | 2 |
| worker-src | <0.1% | 12 | 2 |
| plugin-types | <0.1% | 10 | 1 |
| script-src | <0.1% | 9 | 3 |
| manifest-src | <0.1% | 8 | 1 |
| connect-src | <0.1% | 6 | 1 |
| form-action | <0.1% | 6 | 3 |
| prefetch-src | <0.1% | 6 | 1 |
| trusted-types | <0.1% | 3 | 1 |
| font-src | <0.1% | 2 | 1 |
| img-src | <0.1% | 2 | 1 |
| report-to | <0.1% | 2 | 1 |
| require-sri-for | <0.1% | 2 | 1 |
| require-trusted-types-for | <0.1% | 2 | 1 |
| style-src | <0.1% | 2 | 1 |
| script-src-attr | <0.1% | 1 | 1 |
| style-src-attr | <0.1% | 1 | 1 |
Vimeo, category
Video Players, total
463,377 websites
|
AddThis, category
Widgets, total
443,506 websites
|
PayPal, category
Payment Processors, total
335,596 websites
|
Drift, category
Live Chat, total
28,658 websites
|
Tealium, category
Tag Managers, total
22,681 websites
|
|
|
Contentful, category
Content Management System, total
7,408 websites
|
Heap, category
Analytics, total
7,201 websites
|
|
|
|
|
| Top 10k sites | 1,865 websites |
| Top 100k sites | 11,518 websites |
| Top 1m sites | 70,270 websites |
| Domain | Country | Rank | Contacts |
|---|---|---|---|
|
|
United States of America
|
2 | |
|
|
United States of America
|
3 | |
|
|
United States of America
|
7 | |
|
|
Ireland
|
7 | |
|
|
United States of America
|
9 | |
|
|
United States of America
|
12 |
| Header value | Value prevalence |
|---|---|
| block-all-mixed-content; frame-ancestors 'none'; upgrade-insecure-requests; | 16.96% |
| upgrade-insecure-requests | 16.52% |
| frame-ancestors 'self' | 15.39% |
| upgrade-insecure-requests; | 8.40% |
| frame-ancestors 'self' godaddy.com test-godaddy.com dev-godaddy.com *.godaddy.com *.test-godaddy.com *.dev-godaddy.com | 6.49% |
| upgrade-insecure-requests; default-src https: data:; script-src https: data: 'unsafe-inline' 'unsafe-eval'; style-src https: blob: 'unsafe-inline'; | 1.44% |
| frame-ancestors https://*.ionos.com https://*.ionos.at https://*.ionos.co.uk https://*.ionos.de https://*.ionos.es https://*.ionos.fr https://*.ionos.it https://*.ionos.ca https://*.ionos.mx https://*.ionos.us https://*.website-editor.net https://*.mywebs | 1.37% |
| frame-ancestors 'self' websitebuilder.godaddy.com websitebuilder.secureserver.net | 0.78% |
| default-src 'none'; style-src 'unsafe-inline'; img-src data:; connect-src 'self' | 0.74% |
| report-to network-errors; upgrade-insecure-requests | 0.66% |
| script-src 'self' | 0.55% |
| frame-ancestors 'self'; | 0.54% |
| block-all-mixed-content | 0.47% |
| frame-ancestors 'none' | 0.47% |
| frame-ancestors https://my.bigcartel.com; | 0.41% |
| default-src * data: 'unsafe-eval' 'unsafe-inline' | 0.40% |
| default-src https: data: 'unsafe-inline' 'unsafe-eval' | 0.37% |
| frame-ancestors https://manage.menufy.com https://manager.menufy.com | 0.33% |
| block-all-mixed-content; frame-ancestors *; upgrade-insecure-requests; | 0.31% |
| default-src 'self' 'unsafe-inline' | 0.31% |