X-WebKit-CSP

HTTP response header

The new Content-Security-Policy HTTP response header helps you reduce XSS risks on modern browsers by declaring which dynamic resources are allowed to load.

Header usage statistics

X-WebKit-CSP response header information and usage statistics.

Websites using header X-WebKit-CSP: 50,194
Percentage of websites that use X-WebKit-CSP header: <0.1%
Total discovered header values: 4,051
Header uses directives: No
Header values are unique or random: No
Most popular in the country: Germany

X-WebKit-CSP Directives

X-WebKit-CSP directives value information and usage statistics

Directive | Share | Websites count | Unique Values

X-WebKit-CSP header usage distribution by website popularity



Geographical Distribution

Header usage distribution by websites across the globe.






Websites utilizing X-WebKit-CSP

List of websites that use X-WebKit-CSP header

| Domain | Country | Rank | Contacts |
|---|---|---|---|
| bfdi.bund.de | Germany | 245 | |
| www.bfdi.bund.de | Germany | 245 | |
| www.surveymonkey.com | United States | 735 | |
| news.gandi.net | United States | 820 | |
| www.mrdomain.com | Spain | 1,440 | |
| www.rki.de | Germany | 1,864 | |

Common header values

List of top common X-WebKit-CSP header values

| Header value | Value prevalence |
|---|---|
| default-src 'self' 'unsafe-inline' | 37.81% |
| default-src 'self'; script-src 'self'; connect-src 'self'; img-src 'self' data:; style-src 'self'; | 6.94% |
| default-src 'self' ;script-src 'self' 'unsafe-inline' 'unsafe-eval';referrer no-referrer;style-src 'self' 'unsafe-inline' ;img-src 'self' data: *.tile.openstreetmap.org;object-src 'none'; | 6.89% |
| default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; connect-src 'self'; font-src 'self'; object-src 'self'; media-src 'self'; child-src 'self' | 5.46% |
| default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; connect-src 'self'; img-src 'self' data:; style-src 'self' 'unsafe-inline'; object-src 'self'; frame-src 'self'; frame-ancestors 'self'; | 3.75% |
| default-src 'self' | 3.29% |
| default-src 'self'; script-src 'self'; connect-src 'self'; img-src 'self' data:; style-src 'self'; reflected-xss block; | 2.47% |
| default-src *; script-src * 'unsafe-inline' 'unsafe-eval'; object-src *; style-src * 'unsafe-inline'; img-src * data:; media-src *; frame-src *; font-src * data:; connect-src * | 2.16% |
| default-src 'self' ;script-src 'self' 'unsafe-inline' 'unsafe-eval';referrer no-referrer;style-src 'self' 'unsafe-inline' ;img-src 'self' data: *.tile.openstreetmap.org; | 1.44% |
| default-src 'self'; script-src 'self'; connect-src 'self'; img-src 'self' data:; style-src 'self'; object-src 'self'; frame-src 'self'; frame-ancestors 'self'; | 1.10% |
| frame-ancestors 'self' | 0.75% |
| font-src 'self'; | 0.67% |
| default-src 'self'; img-src 'self' data:; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; connect-src 'self' wss:; | 0.58% |
| default-src 'self'; connect-src 'self' https://*.princeton.edu https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.elfsight.com https://api.instacloud.io https://*.textrecruit.com https://*.juicer.io http | 0.57% |
| default-src 'self' ;script-src 'self' 'unsafe-inline' 'unsafe-eval';style-src 'self' 'unsafe-inline' ;img-src 'self' data: ; | 0.46% |
| default-src 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' http: https: data:; frame-ancestors 'self'; | 0.45% |
| default-src 'self' ;script-src 'self' 'unsafe-inline' 'unsafe-eval';style-src 'self' 'unsafe-inline' ;img-src 'self' data: ; | 0.44% |
| allow 'self'; | 0.43% |
| default-src 'self' ;script-src 'self' 'unsafe-inline' 'unsafe-eval';referrer no-referrer;style-src 'self' 'unsafe-inline' ;img-src 'self' data: *.tile.openstreetmap.org *.tile.opencyclemap.org; | 0.41% |
| frame-ancestors scvr.co *.scvr.co | 0.38% |