| frame-ancestors 'self'; report-uri /csp_logger | 18.72% |
| default-src 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline'; script-src-attr 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline'; img-src * data: zixx: zixxs: cid: file: blob:; font-src * data:; connect-src 'self' www.googleapis.com apis | 13.42% |
| default-src 'self' https: 'unsafe-inline' 'unsafe-eval'; report-uri content.php?action=150&module=core&handler=ContentSecurityPolicyHandler&mode=reportCspViolation; | 10.78% |
| report-uri /report-csp-violation; upgrade-insecure-requests | 3.47% |
| default-src 'self'; connect-src 'self' https://*.amazonaws.com/translations.userguiding.com/ https://sentry.io https://app.getbeamer.com https://*.userguiding.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com | 3.01% |
| report-uri /report-csp-violation | 2.37% |
| default-src 'self' https://cdn.transporters.io; script-src * 'self' 'unsafe-inline' 'unsafe-eval' blob: https://maps.googleapis.com https://js.intercomcdn.com/ https://cdn.transporters.io; style-src * 'unsafe-inline' ; img-src * 'self' data: blob:; font-s | 2.10% |
| default-src 'self'; script-src 'self' maps.googleapis.com *.youtube.com *.trustarc.com www.google-analytics.com www.googletagmanager.com cdnjs.cloudflare.com js-agent.newrelic.com bam.nr-data.net unpkg.com cdn.gbqofs.com *.cdn-net.com *.accdab.net *.world | 1.83% |
| script-src 'self' https: 'unsafe-inline' | 1.74% |
| default-src 'self' | 1.46% |
| report-uri /nelmio/csp/report | 1.19% |
| default-src 'self'; report-uri /admin/config/system/seckit/csp-report | 0.91% |
| default-src 'report-sample' https: 'unsafe-eval' 'unsafe-inline'; img-src 'report-sample' https: data:; frame-src *; font-src 'report-sample' 'self' https://fonts.gstatic.com https://script.hotjar.com https://static.olark.com data:; connect-src 'report-sa | 0.91% |
| default-src 'self' blob: wss: data: https: 'report-sample'; block-all-mixed-content; script-src 'self' 'unsafe-eval' 'unsafe-inline' blob: data: https: 'report-sample'; style-src 'self' 'unsafe-inline' data: https: 'report-sample'; report-uri /nelmio/csp/ | 0.82% |
| default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval' unsafe-dynamic; connect-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; frame-ancestors * data: blob: 'unsafe-inline'; frame-src * data: blob:; | 0.82% |
| base-uri 'self'; default-src 'none'; child-src; connect-src 'self' https://rec.smartlook.com http://rec.smartlook.com rec.smartlook.com https://apikeys.civiccomputing.com http://apikeys.civiccomputing.com apikeys.civiccomputing.com https://ig.instant-toke | 0.73% |
| default-src 'none'; connect-src 'self' *.hotjar.io *.hotjar.com *.pingdom.net *.googleapis.com syndication.twitter.com www.google.com id.siteimprove.com app.trackduck.com my2.siteimprove.com cdnjs.cloudflare.com www.google-analytics.com stats.g.doubleclic | 0.64% |
| default-src 'self' data: *; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' *; object-src 'self' data: *; style-src 'self' data: 'unsafe-inline' *; img-src 'self' data: *; media-src 'self' data: *; frame-src 'self'; font-src 'self' data: *; connect- | 0.64% |
| default-src https: 'unsafe-inline' 'unsafe-eval' data: about: blob:; report-uri /_resources/php/csp-report.php | 0.64% |
| default-src 'self'; base-uri 'self'; style-src 'self' 'unsafe-inline' *.openlayers.org openlayers.org *.openstreetmap.org; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.google.com *.gstatic.com *.openlayers.org openlayers.org *.openst | 0.64% |
United States
Germany
France
Belgium