X-Content-Security-Policy
HTTP response headerIt controls what domains subdomains and types of resources a browser is allowed to load on a given web page.
Header usage statistics
X-Content-Security-Policy response header information and usage statistics.| Websites using header X-Content-Security-Policy | 9,785 |
| Percentage of websites that use X-Content-Security-Policy header | <0.1% |
| Total discovered header values | 2,440 |
| Header uses directives | No |
| Header values are unique or random | No |
| Most popular in the country | 
United States of America
|
Distribution by websites popularity
X-Content-Security-Policy detection in the top websites by popularity| Top 10k sites | 50 websites |
| Top 100k sites | 208 websites |
| Top 1m sites | 1,620 websites |
Websites utilizing X-Content-Security-Policy
List of websites that use X-Content-Security-Policy header| Domain | Country | Rank | Contacts |
|---|---|---|---|
|
|
United States of America
|
112 | |
|
|
United States of America
|
255 | |
|
|
United States of America
|
285 | |
|
|
United States of America
|
358 | |
|
|
Luxembourg
|
413 | |
|
|
United States of America
|
466 |
Flat price per report, subscription is not required.
Geographical Distribution
Header usage distribution by websites across the globe.Common header values
List of top common X-Content-Security-Policy header values| Header value | Value prevalence |
|---|---|
| allow 'self'; | 7.73% |
| default-src 'self' 'unsafe-inline' | 7.07% |
| frame-ancestors 'self' | 5.70% |
| default-src 'self' ;options inline-script eval-script;referrer no-referrer;img-src 'self' data: *.tile.openstreetmap.org;object-src 'none'; | 5.39% |
| default-src 'self' | 2.31% |
| default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; connect-src 'self'; font-src 'self'; object-src 'self'; media-src 'self'; child-src 'self' | 2.17% |
| default-src 'self'; script-src 'self'; connect-src 'self'; img-src 'self' data:; style-src 'self'; | 2.03% |
| default-src 'self' ;options inline-script eval-script;referrer no-referrer;img-src 'self' data: ; | 1.66% |
| frame-ancestors DENY | 1.57% |
| default-src 'self'; script-src 'self' 'unsafe-eval' www.google-analytics.com js-agent.newrelic.com bam.nr-data.net *.twimg.com *.twitter.com; style-src 'self' 'unsafe-inline' *.typekit.net fonts.googleapis.com platform.twitter.com *.twimg.com; img-src 'se | 1.38% |
| default-src 'self' ;options inline-script eval-script;img-src 'self' data: ; | 1.32% |
| default-src 'self'; script-src 'self'; connect-src 'self'; img-src 'self' data:; style-src 'self'; reflected-xss block; | 0.96% |
| default-src 'self'; | 0.85% |
| frame-ancestors https://uscreen.io https://*.uscreen.io https://www.uscreen.tv | 0.83% |
| default-src 'self' ;options inline-script eval-script;referrer no-referrer;img-src 'self' data: *.tile.openstreetmap.org; | 0.73% |
| upgrade-insecure-requests | 0.72% |
| default-src 'self'; img-src 'self' data: www.google-analytics.com www.randomhouse.de www.penguinrandomhouse.de service.randomhouse.de 10.4.91.62 'unsafe-inline'; script-src 'self' maps.googleapis.com www.google-analytics.com https://www.google-analytics.c | 0.72% |
| frame-ancestors 'none' | 0.68% |
| default-src 'self'; img-src 'self' data:; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; connect-src 'self' wss:; | 0.68% |
| default-src https: data: blob: 'unsafe-eval' 'unsafe-inline' https://www.google.com https://www.gstatic.com https://www.recaptcha.net wss://*.hotjar.com 'self'; upgrade-insecure-requests; frame-ancestors 'self' https://*.zendesk.com https://*.myshopify.co | 0.65% |