Security-Policy

HTTP response header

Header usage statistics

Security-Policy response header information and usage statistics.
Websites using header Security-Policy12
Percentage of websites that use Security-Policy header<0.1%
Total discovered header values5
Header uses directivesNo
Header values are unique or randomNo
Most popular in the country United States

Security-Policy Directives

Security-Policy directives value information and usage statistics
DirectiveShareWebsites countUnique Values

Security-Policy header usage distribution by website rank



Geographical Distribution

Header usage distribution by websites across the globe.



Websites utilizing Security-Policy

List of websites that use Security-Policy header
DomainCountryRankContacts
losethebackpain.com United States10,520
xifin.net United States598,542
dxlink.com United States837,422
portal.xifin.com United States5,869,429
www.onextech.com.sg Singapore6,177,311
lis.xifin.net United States6,429,228
See full domain list

Common header values

List of top common Security-Policy header values
Header valueValue prevalence
default-src, 'self'41.67%
default-src 'self'; image-src 'https://unsplash.com'; script-src 'self' https://www.google-analytics.com; font-src 'self' 'https://fonts.googleapis.com';25.00%
geolocation 'none';midi 'none';sync-xhr 'self';microphone 'none';camera 'none';magnetometer 'none';gyroscope 'none';fullscreen 'self';payment 'none';16.67%
default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' https://sdk.twilio.com https://media.twiliocdn.com;style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://assets.twilio.com;prefetch-src 'self' https://cdn.ciptex.com;img-sr8.33%
default-src * 'self' data: 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval'; script-src * 'self' data: 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval'; script-src-elem * 'self' data: 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval'; script-src-attr * 'self' data:8.33%