X-Content-Security-Policy
HTTP response headerIt controls what domains subdomains and types of resources a browser is allowed to load on a given web page.
Header usage statistics
X-Content-Security-Policy response header information and usage statistics.| Websites using header X-Content-Security-Policy | 10,354 |
| Percentage of websites that use X-Content-Security-Policy header | <0.1% |
| Total discovered header values | 2,400 |
| Header uses directives | No |
| Header values are unique or random | No |
| Most popular in the country | 
United States of America
|
Distribution by websites popularity
X-Content-Security-Policy detection in the top websites by popularity| Top 10k sites | 46 websites |
| Top 100k sites | 196 websites |
| Top 1m sites | 1,626 websites |
Websites utilizing X-Content-Security-Policy
List of websites that use X-Content-Security-Policy header| Domain | Country | Rank | Contacts |
|---|---|---|---|
|
|
United States of America
|
112 | |
|
|
United States of America
|
255 | |
|
|
United States of America
|
358 | |
|
|
United States of America
|
466 | |
|
|
United States of America
|
492 | |
|
|
United States of America
|
518 |
Geographical Distribution
Header usage distribution by websites across the globe.Common header values
List of top common X-Content-Security-Policy header values| Header value | Value prevalence |
|---|---|
| default-src 'self' ;options inline-script eval-script;referrer no-referrer;img-src 'self' data: *.tile.openstreetmap.org;object-src 'none'; | 11.25% |
| allow 'self'; | 7.44% |
| frame-ancestors 'self' | 5.38% |
| default-src 'self' 'unsafe-inline' | 5.23% |
| default-src 'self' | 2.18% |
| default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; connect-src 'self'; font-src 'self'; object-src 'self'; media-src 'self'; child-src 'self' | 2.11% |
| default-src 'self'; script-src 'self'; connect-src 'self'; img-src 'self' data:; style-src 'self'; | 1.84% |
| default-src 'self' ;options inline-script eval-script;referrer no-referrer;img-src 'self' data: ; | 1.73% |
| frame-ancestors DENY | 1.51% |
| default-src 'self' ;options inline-script eval-script;img-src 'self' data: ; | 1.29% |
| default-src 'self'; script-src 'self' 'unsafe-eval' www.google-analytics.com js-agent.newrelic.com bam.nr-data.net *.twimg.com *.twitter.com; style-src 'self' 'unsafe-inline' *.typekit.net fonts.googleapis.com platform.twitter.com *.twimg.com; img-src 'se | 1.27% |
| default-src 'self'; script-src 'self'; connect-src 'self'; img-src 'self' data:; style-src 'self'; reflected-xss block; | 1.04% |
| default-src 'self'; | 0.85% |
| default-src 'self'; img-src 'self' data:; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; connect-src 'self' wss:; | 0.83% |
| default-src 'self'; img-src 'self' data: www.google-analytics.com www.randomhouse.de service.randomhouse.de 10.4.91.62 'unsafe-inline'; script-src 'self' maps.googleapis.com www.google-analytics.com https://www.google-analytics.com; style-src 'self' 'unsa | 0.78% |
| default-src 'self' ;options inline-script eval-script;referrer no-referrer;img-src 'self' data: *.tile.openstreetmap.org; | 0.76% |
| default-src 'self' 'unsafe-inline'; | 0.75% |
| default-src 'self' ;options inline-script eval-script;img-src 'self' data: ; | 0.70% |
| frame-ancestors https://uscreen.io https://*.uscreen.io https://www.uscreen.tv | 0.69% |
| frame-ancestors 'none' | 0.64% |