X-Content-Security-Policy
HTTP response headerIt controls what domains subdomains and types of resources a browser is allowed to load on a given web page.
Header usage statistics
X-Content-Security-Policy response header information and usage statistics.| Websites using header X-Content-Security-Policy | 10,005 |
| Percentage of websites that use X-Content-Security-Policy header | <0.1% |
| Total discovered header values | 2,353 |
| Header uses directives | No |
| Header values are unique or random | No |
| Most popular in the country | 
United States of America
|
Distribution by websites popularity
X-Content-Security-Policy detection in the top websites by popularity| Top 10k sites | 36 websites |
| Top 100k sites | 167 websites |
| Top 1m sites | 1,542 websites |
Websites utilizing X-Content-Security-Policy
List of websites that use X-Content-Security-Policy header| Domain | Country | Rank | Contacts |
|---|---|---|---|
|
|
United States of America
|
112 | |
|
|
United States of America
|
255 | |
|
|
United States of America
|
358 | |
|
|
United States of America
|
466 | |
|
|
United States of America
|
492 | |
|
|
United States of America
|
518 |
Geographical Distribution
Header usage distribution by websites across the globe.Common header values
List of top common X-Content-Security-Policy header values| Header value | Value prevalence |
|---|---|
| default-src ''self'' ;options inline-script eval-script;referrer no-referrer;img-src ''self'' data: *.tile.openstreetmap.org;object-src ''none''; | 11.85% |
| allow ''self''; | 7.82% |
| frame-ancestors ''self'' | 5.45% |
| default-src ''self'' ''unsafe-inline'' | 3.84% |
| default-src ''self'' | 2.28% |
| default-src ''self''; script-src ''self'' ''unsafe-eval'' ''unsafe-inline''; style-src ''self'' ''unsafe-inline''; img-src ''self'' data:; connect-src ''self''; font-src ''self''; object-src ''self''; media-src ''self''; child-src ''self'' | 2.10% |
| default-src ''self'' ;options inline-script eval-script;referrer no-referrer;img-src ''self'' data: ; | 2.06% |
| default-src ''self''; script-src ''self''; connect-src ''self''; img-src ''self'' data:; style-src ''self''; | 1.80% |
| default-src ''self'' ;options inline-script eval-script;img-src ''self'' data: ; | 1.66% |
| frame-ancestors DENY | 1.60% |
| default-src ''self''; script-src ''self''; connect-src ''self''; img-src ''self'' data:; style-src ''self''; reflected-xss block; | 1.24% |
| default-src ''self'' ''unsafe-inline''; | 1.23% |
| default-src ''self''; script-src ''self'' ''unsafe-eval'' ''unsafe-inline'' data: www.google-analytics.com js-agent.newrelic.com bam.nr-data.net *.twimg.com *.twitter.com *.swellbox.com; style-src ''self'' ''unsafe-inline'' *.typekit.net fonts.googleapis. | 1.17% |
| default-src ''self'' ;options inline-script eval-script;referrer no-referrer;img-src ''self'' data: *.tile.openstreetmap.org; | 0.91% |
| default-src ''self''; img-src ''self'' data:; script-src ''self'' ''unsafe-inline'' ''unsafe-eval''; style-src ''self'' ''unsafe-inline''; connect-src ''self'' wss:; | 0.86% |
| default-src ''self''; img-src ''self'' data: www.google-analytics.com www.randomhouse.de service.randomhouse.de 10.4.91.62 ''unsafe-inline''; script-src ''self'' maps.googleapis.com www.google-analytics.com https://www.google-analytics.com; style-src ''se | 0.83% |
| default-src ''self'' ;options inline-script eval-script;img-src ''self'' data: ; | 0.83% |
| default-src ''self''; | 0.68% |
| script-src ''self'' ''unsafe-inline'' ''unsafe-eval'' https://crowdmap.com https://*.crowdmap.com https://*.typekit.com https://apis.google.com https://*.akamai.net https://*.gaug.es https://*.youtube.com https://*.ytimg.net https://*.googlevideo.com http | 0.65% |
| frame-ancestors ''none'' | 0.60% |