X-Content-Security-Policy
HTTP response headerIt controls what domains subdomains and types of resources a browser is allowed to load on a given web page.
Header usage statistics
X-Content-Security-Policy response header information and usage statistics.| Websites using header X-Content-Security-Policy | 84,882 |
| Percentage of websites that use X-Content-Security-Policy header | <0.1% |
| Total discovered header values | 9,507 |
| Header uses directives | No |
| Header values are unique or random | No |
| Most popular in the country | 
United States of America
|
Distribution by websites popularity
X-Content-Security-Policy detection in the top websites by popularity| Top 10k sites | 116 websites |
| Top 100k sites | 626 websites |
| Top 1m sites | 3,348 websites |
Websites utilizing X-Content-Security-Policy
List of websites that use X-Content-Security-Policy header| Domain | Country | Rank | Contacts |
|---|---|---|---|
|
|
Germany
|
245 | |
|
|
Germany
|
245 | |
|
|
United States of America
|
260 | |
|
|
United States of America
|
349 | |
|
|
United States of America
|
734 | |
|
|
United States of America
|
820 |
Flat price per the report, subscription is not required.
Geographical Distribution
Header usage distribution by websites across the globe.Common header values
List of top common X-Content-Security-Policy header values| Header value | Value prevalence |
|---|---|
| default-src 'self' 'unsafe-inline' | 13.47% |
| allow 'self'; | 7.18% |
| default-src 'self'; script-src 'self'; connect-src 'self'; img-src 'self' data:; style-src 'self'; | 6.59% |
| default-src 'self' ;options inline-script eval-script;referrer no-referrer;img-src 'self' data: *.tile.openstreetmap.org;object-src 'none'; | 5.17% |
| default-src *; script-src * 'unsafe-inline' 'unsafe-eval'; object-src *; style-src * 'unsafe-inline'; img-src * data:; media-src *; frame-src *; font-src * data:; connect-src * | 4.95% |
| default-src 'self'; script-src 'self'; connect-src 'self'; img-src 'self' data:; style-src 'self'; reflected-xss block; | 3.28% |
| default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; connect-src 'self'; font-src 'self'; object-src 'self'; media-src 'self'; child-src 'self' | 3.22% |
| frame-ancestors 'self' | 2.35% |
| default-src 'self' ;options inline-script eval-script;referrer no-referrer;img-src 'self' data: ; | 2.09% |
| frame-ancestors * | 1.56% |
| default-src 'self' | 1.50% |
| frame-ancestors https://uscreen.io https://*.uscreen.io https://www.uscreen.tv | 1.49% |
| default-src 'self' ;options inline-script eval-script;referrer no-referrer;img-src 'self' data: *.tile.openstreetmap.org; | 1.22% |
| default-src 'self' ;options inline-script eval-script;img-src 'self' data: ; | 1.14% |
| script-src 'self' 'unsafe-inline' 'unsafe-eval' ; img-src 'self' data: ; object-src 'self' data: ; frame-src 'self' data: ; | 1.00% |
| default-src 'self' 'unsafe-inline'; | 0.99% |
| default-src 'self' ;options inline-script eval-script;img-src 'self' data: ; | 0.78% |
| default-src 'self'; | 0.74% |
| default-src *.ethicspoint.com *.ethicspointvp.com *.navexone.com *.navexglobal.com ethicspointvp.com cdn.pendo.io 'self' 'unsafe-eval' 'unsafe-inline' *.navexglobal.com; connect-src *.ethicspoint.com *.ethicspointvp.com *.navexone.com *.navexglobal.com et | 0.73% |
| default-src 'self' gstatic.gitbook.com *.gitbook-staging.com *.gitbook.com *.firebaseio.com wss://*.firebaseio.com *.cloudfunctions.net *.googleapis.com *.gstatic.com data: *.google.com *.github.com *.algolianet.com *.algolia.net sentry.io *.logrocket.io | 0.64% |