| frame-ancestors 'self'; report-uri /csp_logger | 24.23% |
| default-src 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline'; script-src-attr 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline'; img-src * data: zixx: zixxs: cid: file: blob:; font-src * data:; connect-src 'self' www.googleapis.com apis | 17.38% |
| default-src 'self' https: 'unsafe-inline' 'unsafe-eval'; report-uri content.php?action=150&module=core&handler=ContentSecurityPolicyHandler&mode=reportCspViolation; | 13.95% |
| default-src *; script-src *; object-src *; style-src *; img-src *; media-src *; frame-src *; font-src *; connect-src * | 5.20% |
| report-uri /report-csp-violation; upgrade-insecure-requests | 4.49% |
| default-src 'self'; connect-src 'self' https://*.amazonaws.com/translations.userguiding.com/ https://sentry.io https://app.getbeamer.com https://*.userguiding.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com | 3.90% |
| report-uri /report-csp-violation | 2.96% |
| default-src 'self'; script-src 'self' maps.googleapis.com *.youtube.com *.trustarc.com www.google-analytics.com www.googletagmanager.com cdnjs.cloudflare.com js-agent.newrelic.com bam.nr-data.net unpkg.com cdn.gbqofs.com *.cdn-net.com *.accdab.net *.world | 2.36% |
| default-src 'self'; report-uri /admin/config/system/seckit/csp-report | 1.18% |
| default-src 'report-sample' https: 'unsafe-eval' 'unsafe-inline'; img-src 'report-sample' https: data:; frame-src *; font-src 'report-sample' 'self' https://fonts.gstatic.com https://script.hotjar.com https://static.olark.com data:; connect-src 'report-sa | 1.18% |
| base-uri 'self'; default-src 'none'; child-src; connect-src 'self' https://rec.smartlook.com http://rec.smartlook.com rec.smartlook.com https://apikeys.civiccomputing.com http://apikeys.civiccomputing.com apikeys.civiccomputing.com https://ig.instant-toke | 0.95% |
| default-src https: 'unsafe-inline' 'unsafe-eval'; img-src https://* data: ; frame-src https://* about: javascript: | 0.83% |
| default-src 'self' data: *; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' *; object-src 'self' data: *; style-src 'self' data: 'unsafe-inline' *; img-src 'self' data: *; media-src 'self' data: *; frame-src 'self'; font-src 'self' data: *; connect- | 0.83% |
| default-src https: 'unsafe-inline' 'unsafe-eval' data: about: blob:; report-uri /_resources/php/csp-report.php | 0.83% |
| base-uri 'self'; default-src 'none'; child-src 'self' https://*.youtube.com https://*.youtube-nocookie.com https://googleads.g.doubleclick.net https://*.stripe.com/v3/ https://*.twitter.com/ https://fonts.googleapis.com/ https://*.bwb.co.nz; connect-src ' | 0.71% |
| default-src https: 'unsafe-inline' 'unsafe-eval' data: about:; report-uri /_resources/php/csp-report.php | 0.71% |
| base-uri 'self'; default-src 'self'; connect-src 'self' https://track.connect.bcg.com https://heapanalytics.com https://session-replay.browser-intake-datadoghq.com https://*.logs.datadoghq.com; font-src 'self' https://fonts.gstatic.com; frame-ancestors 's | 0.71% |
| default-src * | 0.59% |
| default-src 'self'; report-uri /admin/settings/seckit/csp-report | 0.47% |
| default-src 'self';img-src * data:;style-src 'self' 'unsafe-inline';font-src 'self';script-src 'self' 'unsafe-inline';connect-src 'self';frame-src 'self';child-src 'self';form-action 'self';block-all-mixed-content; report-uri https://bbcsp.report-uri.io/r | 0.47% |
United States
Russia
Belgium
Australia