Content-Security_Policy HTTP response header

Content-Security_Policy

HTTP response header

Header usage statistics

Content-Security_Policy response header information and usage statistics.


Websites using header Content-Security_Policy	35
Percentage of websites that use Content-Security_Policy header	<0.1%
Total discovered header values	20
Header uses directives	No
Header values are unique or random	No
Most popular in the country	United States

Content-Security_Policy Directives

Content-Security_Policy directives value information and usage statistics

Directive	Share	Websites count	Unique Values

Content-Security_Policy header usage distribution by website rank

Geographical Distribution

Header usage distribution by websites across the globe.

Websites utilizing Content-Security_Policy

List of websites that use Content-Security_Policy header

Domain	Country	Rank
www.visitaruba.com	United States	312,764
www.ucentral.cl	Chile	420,755
www.uniqa.hu	Hungary	485,629
derrick.com	United States	1,178,075
www.100bestwebhosts.com	United States	2,236,739
hslvizag.in	India	2,869,300

See full domain list

Common header values

List of top common Content-Security_Policy header values

Header value	Value prevalence
default-src 'self';	17.14%
default-src *	17.14%
frame-ancestors 'none'; block-all-mixed-content; default-src 'self' https://xtra-mile.co/; script-src 'self' https://.googletagmanager.com/ https://googleads.g.doubleclick.net/ https://.google.com/ https://snap.licdn.com/ https://connect.facebook.net/ h	8.57%
default-src 'none';script-src 'self' www.google-analytics.com ajax.googleapis.com;connect-src 'self';img-src 'self';style-src 'self';base-uri 'self';form-action 'self';	5.71%
default-src https:; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'	5.71%
script-src 'self' https://www.google.com	5.71%
block-all-mixed-content;	2.86%
default-src 'none'; connect-src 'self'; img-src 'self' https://ajax.googleapis.com https://www.google-analytics.com; script-src 'self' 'unsafe-inline' https://ajax.googleapis.com/ajax/libs/jquery/1.9.1/jquery.min.js https://ajax.googleapis.com/ajax/libs/j	2.86%
default-src 'none'; script-src 'self' www.google-analytics.com www.googletagmanager.com; connect-src 'self'; img-src 'self' data:; font-src 'self' fonts.gstatic.com; style-src 'self' fonts.googleapis.com maxcdn.bootstrapcdn.com;	2.86%
default-src 'none'; script-src 'self' www.google-analytics.com www.googletagmanager.com; connect-src 'self'; img-src 'self'; font-src 'self' fonts.gstatic.com; style-src 'self' fonts.googleapis.com maxcdn.bootstrapcdn.com; object-src 'self' *.uniqa.hu; fr	2.86%
default-src 'none'; script-src'self' 'unsafe-inline' 'unsafe-eval' .facebook.net www.google-analytics.com www.googletagmanager.com .googleapis.com .google.com .gstatic.com .cookiebot.com .adobe.com *.adobe.io; script-src-elem 'self' 'unsafe-inline'	2.86%
default-src 'none'; script-src'self'www.google-analytics.com www.googletagmanager.com; connect-src 'self'; img-src 'self' data:; font-src'self' fonts.gstatic.com; style-src 'self' fonts.googleapis.com maxcdn.bootstrapcdn.com;	2.86%
default-src 'self'; script-src 'self';font-src 'self';img-src *	2.86%
default-src 'self'; upgrade-insecure-requests;	2.86%
default-src-https: data: 'unsafe-inline' 'unsafe-eval'	2.86%
frame-ancestors 'self' 'https://vantage.crst.com' 'http://10.2.0.113:';	2.86%
frame-ancestors https://derrick.com	2.86%
script-src * 'unsafe-inline' 'unsafe-eval'; object-src ; style-src 'unsafe-inline'; img-src * data:; media-src ; frame-src ; frame-ancestors ; child-src blob:; font-src ; connect-src ; report-uri /report-csp-violation	2.86%
upgrade-insecure-requests	2.86%
upgrade-insecure-requests;	2.86%