HTTP response header

The new Content-Security-Policy HTTP response header helps you reduce XSS risks on modern browsers by declaring which dynamic resources are allowed to load.

Header usage statistics

X-WebKit-CSP response header information and usage statistics.

Websites using header X-WebKit-CSP 5,529
Percentage of websites that use X-WebKit-CSP header <0.1%
Total discovered header values 1,095
Header uses directives No
Header values are unique or random No
Most popular in the country Germany

Distribution by websites popularity

X-WebKit-CSP detection in the top websites by popularity

Top 10k sites 12 websites
Top 100k sites 64 websites
Top 1m sites 720 websites

Websites utilizing X-WebKit-CSP

List of websites that use X-WebKit-CSP header

Domain Country Rank Contacts
www.surveymonkey.com United States of America 112
steemit.com United States of America 255
www.news.com.au United States of America 518
www.nrdc.org United States of America 1,367
wetten.overheid.nl Netherlands 2,887
www.deejay.de Germany 4,782
See full domain list

Geographical Distribution

Header usage distribution by websites across the globe.

Common header values

List of top common X-WebKit-CSP header values

Header value Value prevalence
default-src 'self' ;script-src 'self' 'unsafe-inline' 'unsafe-eval';referrer no-referrer;style-src 'self' 'unsafe-inline' ;img-src 'self' data: *.tile.openstreetmap.org;object-src 'none'; 21.07%
default-src 'self' 'unsafe-inline' 8.74%
default-src 'self' 4.47%
default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; connect-src 'self'; font-src 'self'; object-src 'self'; media-src 'self'; child-src 'self' 3.94%
default-src 'self'; script-src 'self'; connect-src 'self'; img-src 'self' data:; style-src 'self'; 3.44%
default-src 'self' ;script-src 'self' 'unsafe-inline' 'unsafe-eval';style-src 'self' 'unsafe-inline' ;referrer no-referrer;img-src 'self' data: ; 3.09%
default-src 'self'; script-src 'self' 'unsafe-eval' www.google-analytics.com js-agent.newrelic.com bam.nr-data.net *.twimg.com *.twitter.com; style-src 'self' 'unsafe-inline' *.typekit.net fonts.googleapis.com platform.twitter.com *.twimg.com; img-src 'se 2.39%
default-src 'self'; script-src 'self'; connect-src 'self'; img-src 'self' data:; style-src 'self'; reflected-xss block; 1.97%
default-src 'self' ;script-src 'self' 'unsafe-inline' 'unsafe-eval';style-src 'self' 'unsafe-inline' ;img-src 'self' data: ; 1.77%
frame-ancestors 'self' 1.57%
default-src 'self'; img-src 'self' data:; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; connect-src 'self' wss:; 1.56%
default-src 'self' ;script-src 'self' 'unsafe-inline' 'unsafe-eval';referrer no-referrer;style-src 'self' 'unsafe-inline' ;img-src 'self' data: *.tile.openstreetmap.org; 1.43%
default-src https: data: blob: 'unsafe-eval' 'unsafe-inline' https://www.google.com https://www.gstatic.com https://www.recaptcha.net wss://*.hotjar.com 'self'; upgrade-insecure-requests; frame-ancestors 'self' https://*.zendesk.com https://*.myshopify.co 1.18%
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://crowdmap.com https://*.crowdmap.com https://*.typekit.com https://apis.google.com https://*.akamai.net https://*.gaug.es https://*.youtube.com https://*.ytimg.net https://*.googlevideo.com https://*. 1.12%
default-src 'self' ;script-src 'self' 'unsafe-inline' 'unsafe-eval';style-src 'self' 'unsafe-inline' ;img-src 'self' data: ; 1.05%
script-src 'self' 'unsafe-inline' 'unsafe-eval' www.piwik.bayern.de; img-src 'self' data: www.piwik.bayern.de; font-src 'self' data: 1.03%
frame-ancestors scvr.co *.scvr.co 0.83%
report-uri /report-csp-violation 0.76%
default-src 'self'; base-uri 'self'; style-src 'self' 'unsafe-inline'; connect-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.wsv.bund.de sg.geodatenzentrum.de; object-src 'self'; media-src 'self' *.wsv.bund.de *.wsv.de *.bund.de dat 0.65%
default-src 'self' ;script-src 'self' 'unsafe-inline' 'unsafe-eval';style-src 'self' 'unsafe-inline';img-src 'self' data: ; 0.65%