The new Content-Security-Policy HTTP response header helps you reduce XSS risks on modern browsers by declaring which dynamic resources are allowed to load.
Websites using header X-WebKit-CSP | 47,864 |
Percentage of websites that use X-WebKit-CSP header | <0.1% |
Total discovered header values | 3,782 |
Header uses directives | No |
Header values are unique or random | No |
Most popular in the country | ![]() |
Directive | Share | Websites count | Unique Values |
---|
Domain | Country | Rank | Contacts |
---|---|---|---|
![]() | 245 | ||
![]() | 735 | ||
![]() | 820 | ||
![]() | 2,754 | ||
![]() | 3,066 | ||
![]() | 4,153 |
Header value | Value prevalence |
---|---|
default-src 'self' 'unsafe-inline' | 38.71% |
frame-src 'self' * | 7.59% |
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; connect-src 'self'; img-src 'self' data:; style-src 'self' 'unsafe-inline'; object-src 'self'; frame-src 'self'; frame-ancestors 'self'; | 7.55% |
default-src 'self' ;script-src 'self' 'unsafe-inline' 'unsafe-eval';referrer no-referrer;style-src 'self' 'unsafe-inline' ;img-src 'self' data: *.tile.openstreetmap.org;object-src 'none'; | 5.30% |
default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; connect-src 'self'; font-src 'self'; object-src 'self'; media-src 'self'; child-src 'self' | 4.60% |
default-src 'self'; script-src 'self'; connect-src 'self'; img-src 'self' data:; style-src 'self'; | 3.76% |
default-src 'self' | 2.61% |
frame-ancestors 'self' | 1.80% |
default-src 'self'; script-src 'self'; connect-src 'self'; img-src 'self' data:; style-src 'self'; reflected-xss block; | 1.02% |
default-src 'self' ;script-src 'self' 'unsafe-inline' 'unsafe-eval';referrer no-referrer;style-src 'self' 'unsafe-inline' ;img-src 'self' data: *.tile.openstreetmap.org; | 0.77% |
default-src *; script-src * 'unsafe-inline' 'unsafe-eval'; object-src *; style-src * 'unsafe-inline'; img-src * data:; media-src *; frame-src *; font-src * data:; connect-src * | 0.76% |
default-src 'self'; script-src 'self'; connect-src 'self'; img-src 'self' data:; style-src 'self'; object-src 'self'; frame-src 'self'; frame-ancestors 'self'; | 0.58% |
font-src 'self'; | 0.51% |
report-uri /report-csp-violation | 0.49% |
frame-ancestors scvr.co *.scvr.co | 0.42% |
report-uri /report-csp-violation; upgrade-insecure-requests | 0.40% |
allow 'self'; | 0.39% |
default-src 'self' ;script-src 'self' 'unsafe-inline' 'unsafe-eval';style-src 'self' 'unsafe-inline';img-src 'self' data: ; | 0.38% |
default-src 'self'; script-src 'self' 'unsafe-eval' www.google-analytics.com js-agent.newrelic.com bam.nr-data.net *.twimg.com *.twitter.com *.googletagmanager.com siteimproveanalytics.com cdnapisec.kaltura.com; object-src 'none'; style-src 'self' 'unsafe | 0.37% |
default-src 'self'; img-src 'self' data:; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; connect-src 'self' wss:; | 0.37% |