X-Content-Security-Policy

HTTP response header

It controls which domains, subdomains, and types of resources a browser is allowed to load on a given web page.

Header usage statistics

X-Content-Security-Policy response header information and usage statistics.

Websites using header X-Content-Security-Policy: 90,486
Percentage of websites that use X-Content-Security-Policy header: <0.1%
Total discovered header values: More than 10,000
Header uses directives: No
Header values are unique or random: No
Most popular in the country: DE

X-Content-Security-Policy Directives

X-Content-Security-Policy directives value information and usage statistics

Directive | Share | Websites count | Unique Values

Distribution by websites popularity

X-Content-Security-Policy detection in the top websites by popularity

Top 10k sites: 119 websites
Top 100k sites: 627 websites
Top 1m sites: 3,786 websites

Common header values

List of top common X-Content-Security-Policy header values

Header value | Value prevalence
default-src 'self' 'unsafe-inline' | 14.87%
default-src 'self'; script-src 'self'; connect-src 'self'; img-src 'self' data:; style-src 'self'; | 7.20%
allow 'self'; | 6.26%
frame-ancestors 'self' | 6.19%
default-src 'self' ;options inline-script eval-script;referrer no-referrer;img-src 'self' data: *.tile.openstreetmap.org;object-src 'none'; | 4.35%
default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; connect-src 'self'; font-src 'self'; object-src 'self'; media-src 'self'; child-src 'self' | 3.39%
default-src *; script-src * 'unsafe-inline' 'unsafe-eval'; object-src *; style-src * 'unsafe-inline'; img-src * data:; media-src *; frame-src *; font-src * data:; connect-src * | 3.05%
script-src 'self' 'unsafe-inline' 'unsafe-eval' ; img-src 'self' data: ; object-src 'self' data: ; frame-src 'self' data: ; | 2.25%
default-src 'self'; img-src *; media-src * data:; | 2.07%
default-src 'self'; script-src 'self'; connect-src 'self'; img-src 'self' data:; style-src 'self'; reflected-xss block; | 1.89%
default-src 'self' | 1.66%
frame-ancestors * | 1.55%
frame-ancestors https://uscreen.io https://*.uscreen.io https://www.uscreen.tv | 1.35%
img-src *; media-src * data:; | 1.09%
default-src 'self' ;options inline-script eval-script;referrer no-referrer;img-src 'self' data: *.tile.openstreetmap.org; | 1.05%
default-src 'self' ;options inline-script eval-script;img-src 'self' data: ; | 0.99%
default-src 'self' 'unsafe-inline'; | 0.74%
default-src 'self'; | 0.70%
default-src 'self'; script-src 'self'; | 0.56%
default-src 'self' ;options inline-script eval-script;img-src 'self' data: ; | 0.55%