X-Content-Security-Policy
HTTP response headerIt controls what domains subdomains and types of resources a browser is allowed to load on a given web page.
Header usage statistics
X-Content-Security-Policy response header information and usage statistics.| Websites using header X-Content-Security-Policy | 42,736 |
| Percentage of websites that use X-Content-Security-Policy header | <0.1% |
| Total discovered header values | 5,062 |
| Header uses directives | No |
| Header values are unique or random | No |
| Most popular in the country | 
Germany
|
Distribution by websites popularity
X-Content-Security-Policy detection in the top websites by popularity| Top 10k sites | 57 websites |
| Top 100k sites | 213 websites |
| Top 1m sites | 1,596 websites |
Websites utilizing X-Content-Security-Policy
List of websites that use X-Content-Security-Policy header| Domain | Country | Rank | Contacts |
|---|---|---|---|
|
|
United States of America
|
149 | |
|
|
United States of America
|
149 | |
|
|
United States of America
|
255 | |
|
|
United States of America
|
358 | |
|
|
United States of America
|
379 | |
|
|
Luxembourg
|
413 |
Flat price per the report, subscription is not required.
Geographical Distribution
Header usage distribution by websites across the globe.Common header values
List of top common X-Content-Security-Policy header values| Header value | Value prevalence |
|---|---|
| default-src 'self' 'unsafe-inline' | 16.70% |
| allow 'self'; | 8.40% |
| default-src 'self'; script-src 'self'; connect-src 'self'; img-src 'self' data:; style-src 'self'; | 7.60% |
| default-src 'self' ;options inline-script eval-script;referrer no-referrer;img-src 'self' data: *.tile.openstreetmap.org;object-src 'none'; | 5.09% |
| frame-ancestors 'self' | 4.43% |
| default-src 'self'; script-src 'self'; connect-src 'self'; img-src 'self' data:; style-src 'self'; reflected-xss block; | 3.49% |
| default-src 'self' ;options inline-script eval-script;referrer no-referrer;img-src 'self' data: ; | 2.86% |
| default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; connect-src 'self'; font-src 'self'; object-src 'self'; media-src 'self'; child-src 'self' | 2.68% |
| default-src 'self' ;options inline-script eval-script;img-src 'self' data: ; | 1.67% |
| default-src 'self' | 1.48% |
| default-src 'self' 'unsafe-inline'; | 1.34% |
| default-src 'self' ;options inline-script eval-script;referrer no-referrer;img-src 'self' data: *.tile.openstreetmap.org; | 1.19% |
| frame-ancestors https://uscreen.io https://*.uscreen.io https://www.uscreen.tv | 0.80% |
| script-src 'self' 'unsafe-inline' 'unsafe-eval' w.estat.com *.moatads.com *.captcha.com *.vimeo.com fresnel.vimeocdn.com www.youtube.com *.doubleclick.net www.google-analytics.com ajax.googleapis.com maps.googleapis.com www.googletagmanager.com s7.addthi | 0.77% |
| script-src 'self' 'unsafe-inline' 'unsafe-eval' ; img-src 'self' data: ; object-src 'self' data: ; frame-src 'self' data: ; | 0.76% |
| default-src 'self' ;options inline-script eval-script;img-src 'self' data: ; | 0.73% |
| default-src 'self'; | 0.66% |
| default-src *; script-src * 'unsafe-inline' 'unsafe-eval'; object-src *; style-src * 'unsafe-inline'; img-src * data:; media-src *; frame-src *; font-src * data:; connect-src * | 0.58% |
| default-src 'self'; img-src 'self' data:; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; connect-src 'self' wss:; | 0.58% |
| frame-ancestors DENY | 0.54% |