CSP provides a standard method for website owners to declare approved origins of content that browsers should be allowed to load on that website
| Websites using header Content-Security-Policy | 731,942 |
| Percentage of websites that use Content-Security-Policy header | 6.28% |
| Total discovered header values | 217,919 |
| Header uses directives | Yes |
| Header values are unique or random | No |
| Most popular in the country | 
United States of America
|
| Directive | Share | Websites count | Unique Values |
|---|---|---|---|
| upgrade-insecure-requests | 29.14% | 213,264 | 65 |
| block-all-mixed-content | 12.70% | 92,985 | 39 |
| frame-ancestors | <0.1% | 190 | 2 |
| base-uri | <0.1% | 65 | 3 |
| object-src | <0.1% | 54 | 1 |
| sandbox | <0.1% | 51 | 1 |
| frame-src | <0.1% | 42 | 1 |
| report-uri | <0.1% | 38 | 5 |
| default-src | <0.1% | 34 | 8 |
| worker-src | <0.1% | 21 | 2 |
| child-src | <0.1% | 20 | 2 |
| media-src | <0.1% | 19 | 1 |
| report-to | <0.1% | 15 | 1 |
| plugin-types | <0.1% | 14 | 1 |
| prefetch-src | <0.1% | 13 | 1 |
| connect-src | <0.1% | 11 | 3 |
| manifest-src | <0.1% | 11 | 1 |
| script-src | <0.1% | 10 | 3 |
| script-src-attr | <0.1% | 6 | 1 |
| img-src | <0.1% | 5 | 3 |
| style-src | <0.1% | 5 | 3 |
| font-src | <0.1% | 4 | 1 |
| form-action | <0.1% | 4 | 2 |
| style-src-attr | <0.1% | 4 | 1 |
| trusted-types | <0.1% | 3 | 1 |
| referrer | <0.1% | 1 | 1 |
Twitter Platform, category
JavaScript Libraries, total
353,066 websites
|
Vimeo, category
Video Players, total
92,953 websites
|
Drift, category
Live Chat, total
13,576 websites
|
Heap, category
Analytics, total
2,919 websites
|
| Top 10k sites | 1,728 websites |
| Top 100k sites | 10,806 websites |
| Top 1m sites | 64,385 websites |
| Domain | Country | Rank | Contacts |
|---|---|---|---|
|
|
United States of America
|
2 | |
|
|
United States of America
|
3 | |
|
|
United States of America
|
7 | |
|
|
United States of America
|
7 | |
|
|
United States of America
|
12 | |
|
|
United States of America
|
13 |
| Header value | Value prevalence |
|---|---|
| frame-ancestors 'self' | 17.28% |
| block-all-mixed-content; frame-ancestors 'none'; upgrade-insecure-requests; | 13.55% |
| upgrade-insecure-requests | 12.11% |
| upgrade-insecure-requests; | 6.74% |
| default-src 'none'; style-src 'unsafe-inline'; img-src data:; connect-src 'self' | 1.62% |
| upgrade-insecure-requests; default-src https: data:; script-src https: data: 'unsafe-inline' 'unsafe-eval'; style-src https: blob: 'unsafe-inline'; | 1.28% |
| frame-ancestors 'none'; | 0.91% |
| block-all-mixed-content | 0.78% |
| frame-ancestors https://my.bigcartel.com; | 0.65% |
| frame-ancestors 'self' websitebuilder.godaddy.com websitebuilder.secureserver.net | 0.57% |
| block-all-mixed-content; frame-ancestors *; upgrade-insecure-requests; | 0.53% |
| frame-ancestors 'self'; | 0.50% |
| frame-ancestors 'self' https://*.granicus.com http://*.granicus.com https://platform.civicplus.com https://account.civicplus.com https://analytics.civicplus.com; img-src * data:; worker-src * data: blob: 'unsafe-eval' 'unsafe-inline'; script-src * about: | 0.43% |
| frame-ancestors 'none' | 0.39% |
| script-src 'self' | 0.39% |
| default-src https: data: 'unsafe-inline' 'unsafe-eval' | 0.38% |
| frame-ancestors 'self' https://*.webflow.com http://*.webflow.com http://*.webflow.io http://webflow.com https://webflow.com | 0.37% |
| frame-ancestors 'self' ; | 0.34% |
| frame-ancestors 'self'; upgrade-insecure-requests | 0.33% |
| upgrade-insecure-requests; report-uri /__csp-collector/index | 0.28% |