X-Webkit-CSP-Report-Only HTTP response header

X-Webkit-CSP-Report-Only

HTTP response header

X-webkit-csp-report-only is a depreciated content policy header.

Header usage statistics

X-Webkit-CSP-Report-Only response header information and usage statistics.


Websites using header X-Webkit-CSP-Report-Only	194
Percentage of websites that use X-Webkit-CSP-Report-Only header	<0.1%
Total discovered header values	62
Header uses directives	No
Header values are unique or random	No
Most popular in the country	United States of America

Distribution by websites popularity

X-Webkit-CSP-Report-Only detection in the top websites by popularity

Top 10k sites	5 websites
Top 100k sites	8 websites
Top 1m sites	49 websites

Websites utilizing X-Webkit-CSP-Report-Only

List of websites that use X-Webkit-CSP-Report-Only header

Domain	Country	Rank
www.surveymonkey.com	United States of America	112
www.qualcomm.com	United States of America	1,901
my.mail.ru	Russian Federation	2,133
www.bodybuilding.com	United States of America	6,144
boom.ru	Russian Federation	6,955
pt.surveymonkey.com	United States of America	10,910

See full domain list
Flat price per report, subscription is not required.

Geographical Distribution

Header usage distribution by websites across the globe.

Common header values

List of top common X-Webkit-CSP-Report-Only header values

Header value	Value prevalence
default-src https: data: blob: 'unsafe-eval' 'unsafe-inline' https://www.google.com https://www.gstatic.com https://www.recaptcha.net wss://.hotjar.com 'self'; frame-ancestors 'self' https://.zendesk.com https://*.myshopify.com https://teams.microsoft.	33.51%
default-src 'self' https: 'unsafe-inline' 'unsafe-eval'; report-uri content.php?action=150&module=core&handler=ContentSecurityPolicyHandler&mode=reportCspViolation; report-to content.php?action=150&module=core&handler=ContentSecurityPolicyHandler&mode=rep	19.07%
report-uri /report-csp-violation	3.09%
default-src https: 'unsafe-inline' 'unsafe-eval'; img-src https://* data: ; frame-src https://* about: javascript:	3.09%
default-src 'self';img-src * data:;style-src 'self';font-src 'self';script-src 'self';connect-src 'self';frame-src 'self';child-src 'self';form-action 'self';block-all-mixed-content; report-uri https://bbcsp.report-uri.io/r/default/csp/reportOnly	2.06%
default-src 'self'; report-uri /admin/config/system/seckit/csp-report	2.06%
default-src https: 'unsafe-inline' 'unsafe-eval' data: about:; report-uri /_resources/php/csp-report.php	1.55%
default-src *	1.55%
default-src 'self' https://static.eole-web.fr http://static.eole-web.fr; script-src 'self' 'unsafe-eval' data: http://cdn.ckeditor.com https://cdn.ckeditor.com http://connect.facebook.net https://connect.facebook.net https://platform.twitter.com http://pl	1.55%
default-src https: 'unsafe-inline' 'unsafe-eval' data: about: blob:; report-uri /_resources/php/csp-report.php	1.03%
default-src 'self';img-src * data:;style-src 'self' 'unsafe-inline';font-src 'self';script-src 'self' 'unsafe-inline';connect-src 'self';frame-src 'self';child-src 'self';form-action 'self';block-all-mixed-content; report-uri https://bbcsp.report-uri.io/r	1.03%
report-uri /report-csp-violation; upgrade-insecure-requests	1.03%
block-all-mixed-content; report-uri https://csp-reports.pravmir.ru/https-mixed-content-logger/csp_report_log.php;	1.03%
block-all-mixed-content; report-uri https://www.matrony.ru/https-mixed-content-logger/csp_report_log.php;	1.03%
default-src https: blob: data: 'unsafe-inline' 'unsafe-eval'; report-uri /admin/config/system/seckit/csp-report	1.03%
default-src * 'unsafe-eval' 'unsafe-inline' data: filesystem: about: blob: ws: wss: https:; block-all-mixed-content; report-uri https://rum.bodybuilding.com/csp;	1.03%
default-src 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline'; script-src-attr 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline'; img-src * data: zixx: zixxs: cid: file: blob:; font-src * data:; connect-src 'self' www.googleapis.com apis	1.03%
default-src 'self' .nasa.gov; script-src 'self' 'unsafe-inline' 'unsafe-eval' s.ytimg.com .googletagmanager.com .earthdata.nasa.gov script.crazyegg.com .google-analytics.com s3.amazonaws.com .youtube.com cdn.datatables.net svc.webspellchecker.net .f	1.03%
default-src 'self' blob:; script-src 'self' 'unsafe-eval' blob: https: www.google.com tags.tiqcdn.com secure.insightexpressai.com browser-update.org .newrelic.com .nr-data.net api.swiftype.com onqblog.disqus.com a.disquscdn.com platform.twitter.com snap	1.03%
default-src 'self' 'unsafe-inline' 'unsafe-eval' ; script-src 'self' 'unsafe-inline' 'unsafe-eval' ; object-src 'self' 'unsafe-inline' 'unsafe-eval' ; style-src 'self' 'unsafe-inline' 'unsafe-eval' ; img-src 'self' 'unsafe-inline' 'unsafe-eval' *; med	0.52%