The new Content-Security-Policy HTTP response header helps you reduce XSS risks on modern browsers by declaring which dynamic resources are allowed to load.

| Metric | Value |
|---|---|
| Websites using header X-WebKit-CSP | 37,342 |
| Percentage of websites that use X-WebKit-CSP header | less than 0.1% |
| Total discovered header values | 3,552 |
| Header uses directives | No |
| Header values are unique or random | No |
| Most popular in the country | |

| Domain | Country | Rank | Contacts |
|---|---|---|---|
| 245 | |||
| 820 | |||
| 2,528 | |||
| 2,754 | |||
| 3,066 | |||
| 4,153 | | | |

| Header value | Value prevalence |
|---|---|
| default-src 'self' 'unsafe-inline' | 44% |
| default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; connect-src 'self'; img-src 'self' data:; style-src 'self' 'unsafe-inline'; object-src 'self'; frame-src 'self'; frame-ancestors 'self'; | 9% |
| default-src 'self' ;script-src 'self' 'unsafe-inline' 'unsafe-eval';referrer no-referrer;style-src 'self' 'unsafe-inline' ;img-src 'self' data: *.tile.openstreetmap.org;object-src 'none'; | 6% |
| default-src 'self'; script-src 'self'; connect-src 'self'; img-src 'self' data:; style-src 'self'; | 3% |
| default-src 'self' | 3% |
| frame-ancestors 'self' | 1% |
| default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; connect-src 'self'; font-src 'self'; object-src 'self'; media-src 'self'; child-src 'self' | 0% |
| report-uri /report-csp-violation; upgrade-insecure-requests | 0% |
| default-src 'self'; script-src 'self'; connect-src 'self'; img-src 'self' data:; style-src 'self'; reflected-xss block; | 0% |
| default-src *; script-src * 'unsafe-inline' 'unsafe-eval'; object-src *; style-src * 'unsafe-inline'; img-src * data:; media-src *; frame-src *; font-src * data:; connect-src * | 0% |
| frame-ancestors scvr.co *.scvr.co | 0% |
| default-src 'self' ;script-src 'self' 'unsafe-inline' 'unsafe-eval';referrer no-referrer;style-src 'self' 'unsafe-inline' ;img-src 'self' data: *.tile.openstreetmap.org; | 0% |
| report-uri /report-csp-violation | 0% |
| default-src 'self'; script-src 'self' 'unsafe-eval' www.google-analytics.com js-agent.newrelic.com bam.nr-data.net *.twimg.com *.twitter.com *.googletagmanager.com siteimproveanalytics.com cdnapisec.kaltura.com; object-src 'none'; style-src 'self' 'unsafe | 0% |
| font-src 'self'; | 0% |
| default-src 'self'; script-src 'self'; img-src 'self' data:; style-src 'self' 'unsafe-inline'; font-src 'self' fonts.gstatic.com; | 0% |
| default-src 'self'; script-src 'self'; connect-src 'self'; img-src 'self' data:; style-src 'self'; object-src 'self'; frame-src 'self'; frame-ancestors 'self'; | 0% |
| allow 'self'; | 0% |
| frame-ancestors *.anjuke.com http://*.anjuke.com *.aifang.com http://*.aifang.com *.58ganji.com http://*.58ganji.com *.58.com http://*.58.com *.jikejia.cn http://*.jikejia.cn http://jikejia.cn yfyk.youfangyouke.com http://yfyk.youfangyouke.com *.58corp.co | 0% |
| default-src 'self' ;script-src 'self' 'unsafe-inline' 'unsafe-eval';style-src 'self' 'unsafe-inline';img-src 'self' data: ; | 0% |