X-Webkit-Csp

HTTP response header

The new Content-Security-Policy HTTP response header helps you reduce XSS risks on modern browsers by declaring which dynamic resources are allowed to load.

Header usage statistics

X-Webkit-Csp response header information and usage statistics.

Websites using header X-Webkit-Csp: 49,726
Percentage of websites that use X-Webkit-Csp header: <0.1%
Total discovered header values: 4,042
Header uses directives: No
Header values are unique or random: No
Most popular in the country: DE

X-Webkit-Csp Directives

X-Webkit-Csp directives value information and usage statistics

Directive | Share | Websites count | Unique Values

Distribution by websites popularity

X-Webkit-Csp detection in the top websites by popularity

Top 10k sites: 45 websites
Top 100k sites: 271 websites
Top 1m sites: 1,591 websites

Geographical Distribution

Header usage distribution by websites across the globe.

Common header values

List of top common X-Webkit-Csp header values

Header value | Value prevalence
default-src 'self' 'unsafe-inline' | 28.61%
default-src 'self'; script-src 'self'; connect-src 'self'; img-src 'self' data:; style-src 'self'; | 12.82%
default-src 'self' ;script-src 'self' 'unsafe-inline' 'unsafe-eval';referrer no-referrer;style-src 'self' 'unsafe-inline' ;img-src 'self' data: *.tile.openstreetmap.org;object-src 'none'; | 7.85%
default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; connect-src 'self'; font-src 'self'; object-src 'self'; media-src 'self'; child-src 'self' | 5.77%
default-src *; script-src * 'unsafe-inline' 'unsafe-eval'; object-src *; style-src * 'unsafe-inline'; img-src * data:; media-src *; frame-src *; font-src * data:; connect-src * | 5.25%
default-src 'self' | 3.39%
default-src 'self'; script-src 'self'; connect-src 'self'; img-src 'self' data:; style-src 'self'; reflected-xss block; | 3.27%
default-src 'self' ;script-src 'self' 'unsafe-inline' 'unsafe-eval';referrer no-referrer;style-src 'self' 'unsafe-inline' ;img-src 'self' data: *.tile.openstreetmap.org; | 1.80%
default-src 'self' ;script-src 'self' 'unsafe-inline' 'unsafe-eval';style-src 'self' 'unsafe-inline' ;img-src 'self' data: ; | 1.03%
default-src 'self'; img-src 'self' data:; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; connect-src 'self' wss:; | 0.81%
default-src 'self' ;script-src 'self' 'unsafe-inline' 'unsafe-eval';style-src 'self' 'unsafe-inline' ;img-src 'self' data: ; | 0.69%
default-src 'self' ;script-src 'self' 'unsafe-inline' 'unsafe-eval';style-src 'self' 'unsafe-inline';img-src 'self' data: ; | 0.61%
default-src 'self' ;script-src 'self' 'unsafe-inline' 'unsafe-eval';referrer no-referrer;style-src 'self' 'unsafe-inline' ;img-src 'self' data: *.tile.openstreetmap.org *.tile.opencyclemap.org; | 0.61%
allow 'self'; | 0.59%
frame-ancestors 'self' | 0.53%
default-src 'self'; connect-src 'self' https://*.princeton.edu https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.elfsight.com https://api.instacloud.io https://*.textrecruit.com https://*.juicer.io http | 0.48%
default-src 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' http: https: data:; frame-ancestors 'self'; | 0.40%
default-src 'self' www.google-analytics.com; script-src 'self' 'unsafe-inline' connect.facebook.net static.tacdn.com www.tripadvisor.fr www.tripadvisor.com www.jscache.com assets.pinterest.com log.pinterest.com ajax.googleapis.com platform.twitter.com api | 0.39%
default-src 'self' https://html5.validator.nu/ www.google-analytics.com; script-src 'self' 'unsafe-inline' connect.facebook.net static.tacdn.com www.tripadvisor.fr www.tripadvisor.com www.jscache.com assets.pinterest.com log.pinterest.com ajax.googleapis. | 0.36%
default-src 'none'; script-src 'self'; img-src 'self'; style-src 'self'; font-src 'self'; media-src 'self'; form-action 'self'; child-src 'self'; frame-ancestors 'self'; connect-src 'none'; report-uri 'self'; report-to 'self'; | 0.36%