X-WebKit-CSP

HTTP response header

The new Content-Security-Policy HTTP response header helps you reduce XSS risks on modern browsers by declaring which dynamic resources are allowed to load.

Header usage statistics

X-WebKit-CSP response header information and usage statistics.
Websites using header X-WebKit-CSP47,864
Percentage of websites that use X-WebKit-CSP header<0.1%
Total discovered header values3,782
Header uses directivesNo
Header values are unique or randomNo
Most popular in the country Germany

X-WebKit-CSP Directives

X-WebKit-CSP directives value information and usage statistics
DirectiveShareWebsites countUnique Values

Websites utilizing X-WebKit-CSP

List of websites that use X-WebKit-CSP header
DomainCountryRankContacts
bfdi.bund.de Germany245
surveymonkey.com United States735
news.gandi.net United States820
uber.com United States2,754
bsi.bund.de Germany3,066
postman.com United States4,153
See full domain list

Common header values

List of top common X-WebKit-CSP header values
Header valueValue prevalence
default-src 'self' 'unsafe-inline'38.71%
frame-src 'self' *7.59%
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; connect-src 'self'; img-src 'self' data:; style-src 'self' 'unsafe-inline'; object-src 'self'; frame-src 'self'; frame-ancestors 'self';7.55%
default-src 'self' ;script-src 'self' 'unsafe-inline' 'unsafe-eval';referrer no-referrer;style-src 'self' 'unsafe-inline' ;img-src 'self' data: *.tile.openstreetmap.org;object-src 'none';5.30%
default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; connect-src 'self'; font-src 'self'; object-src 'self'; media-src 'self'; child-src 'self'4.60%
default-src 'self'; script-src 'self'; connect-src 'self'; img-src 'self' data:; style-src 'self';3.76%
default-src 'self'2.61%
frame-ancestors 'self'1.80%
default-src 'self'; script-src 'self'; connect-src 'self'; img-src 'self' data:; style-src 'self'; reflected-xss block;1.02%
default-src 'self' ;script-src 'self' 'unsafe-inline' 'unsafe-eval';referrer no-referrer;style-src 'self' 'unsafe-inline' ;img-src 'self' data: *.tile.openstreetmap.org;0.77%
default-src *; script-src * 'unsafe-inline' 'unsafe-eval'; object-src *; style-src * 'unsafe-inline'; img-src * data:; media-src *; frame-src *; font-src * data:; connect-src *0.76%
default-src 'self'; script-src 'self'; connect-src 'self'; img-src 'self' data:; style-src 'self'; object-src 'self'; frame-src 'self'; frame-ancestors 'self';0.58%
font-src 'self';0.51%
report-uri /report-csp-violation0.49%
frame-ancestors scvr.co *.scvr.co0.42%
report-uri /report-csp-violation; upgrade-insecure-requests0.40%
allow 'self';0.39%
default-src 'self' ;script-src 'self' 'unsafe-inline' 'unsafe-eval';style-src 'self' 'unsafe-inline';img-src 'self' data: ;0.38%
default-src 'self'; script-src 'self' 'unsafe-eval' www.google-analytics.com js-agent.newrelic.com bam.nr-data.net *.twimg.com *.twitter.com *.googletagmanager.com siteimproveanalytics.com cdnapisec.kaltura.com; object-src 'none'; style-src 'self' 'unsafe0.37%
default-src 'self'; img-src 'self' data:; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; connect-src 'self' wss:;0.37%