A legacy, deprecated variant of the Content-Security-Policy header that WebKit browsers used in the initial period of CSP support.


We have seen 336 websites setting the X-WebKit-CSP HTTP header and 246 unique values of this header.

  • alamaula.com connect-src * 'self'
  • national-lottery.co.uk default-src 'self'; script-src 'self' 'unsafe-eval' tags.tiqcdn.com tealium.hs.llnwd.net e8091.b.akamaiedge.net connect.facebook.net platform.twitter.com *.maxymiser.net *.maxymiser.com *.turn.com camelotcdn.abaresearch.uk prf.hn *.egaincloud.net *.twimg.com d2oh4tlt9mrke9.cloudfront.net ws.sessioncam.com www.google.com www.gstatic.com; style-src 'self' 'unsafe-inline' camelotcdn.abaresearch.uk *.maxymiser.com *.maxymiser.net prf.hn *.egaincloud.net *.twitter.com; frame-src 'self' https://payments1.national-lottery.co.uk https://payments2.national-lottery.co.uk *.doubleclick.net *.tealiumiq.com www.youtube.com platform.twitter.com twitter.com static.ak.facebook.com s-static.ak.facebook.com www.facebook.com *.maxymiser.net *.maxymiser.com qgen.abaresearch.co.uk *.egaincloud.net www.google.com; img-src 'self' camelot.d3.sc.omtrdc.net *.turn.com *.maxymiser.com *.maxymiser.net camelotcdn.abaresearch.uk prf.hn *.egaincloud.net *.twitter.com *.twimg.com www.facebook.com ws.sessioncam.com blob:; connect-src 'self' camelotcdn.abaresearch.uk *.egaincloud.net *.tealiumiq.com ws.sessioncam.com
  • usanpedro.edu.pe default-src 'none'; img-src 'self' http://usanpedro.edu.pe http://www.usanpedro.edu.pe http://www2015.usanpedro.edu.pe http://statistics.usanpedro.edu.pe data: http://revistaimagina.com https://www.google.com https://img.youtube.com http://www.google-analytics.com http://v2.zopim.com http://0.gravatar.com; script-src 'unsafe-inline' 'unsafe-eval' http://usanpedro.edu.pe http://www.usanpedro.edu.pe http://www2015.usanpedro.edu.pe http://statistics.usanpedro.edu.pe http://revistaimagina.com http://translate.google.com https://translate.googleapis.com http://ajax.googleapis.com http://www.google-analytics.com http://code.jquery.com http://v2.zopim.com; style-src 'unsafe-inline' 'unsafe-eval' http://usanpedro.edu.pe http://www.usanpedro.edu.pe http://revistaimagina.com http://netdna.bootstrapcdn.com https://translate.googleapis.com http://fonts.googleapis.com; connect-src 'self' http://statistics.usanpedro.edu.pe wss://*.zopim.com; object-src 'self'; frame-src 'self' http://usanpedro.edu.pe http://www.usanpedro.edu.pe https://www.youtube.com http://www.youtube.com http://www.facebook.com https://www.facebook.com; font-src 'self' http://fonts.gstatic.com http://v2.zopim.com data:;
  • softbesplatno.net default-src 'self'; img-src 'self' data: www.google-analytics.com bs.yandex.ru img.yandex.net wimg.yandex.net sync.audtd.com imgg.tovarro.com track.rtb-media.ru *.hotlog.ru counter.yadro.ru *.marketgid.com counter.tovarro.com mg.yadro.ru front.facetz.net chart.apis.google.com d7.c2.b3.a2.top.mail.ru *.mail.ru; style-src 'self' 'unsafe-inline'; script-src blob: www.google-analytics.com mc.yandex.ru jsc.dt00.net *.marketgid.com 'self' 'unsafe-inline' 'unsafe-eval'; frame-src www.youtube.com https://www.youtube.com 'self'; object-src 'self' www.youtube.com https://s.ytimg.com https://*.googlevideo.com https://www.youtube.com https://s.youtube.com gdata.youtube.com i.ytimg.com; font-src 'self'; connect-src 'self' mc.yandex.ru;
  • hertz.com.au frame-ancestors 'self'
  • lenoxhillhospital.org default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' connect.facebook.net www.google-analytics.com cdn.optimizely.com www.bugherd.com sjrtp4-cdn.marketo.com www.googletagmanager.com cdn.callrail.com cdn-akamai.mookie1.com secure-ds.serving-sys.com munchkin.marketo.net *.calltrk.com tags.tiqcdn.com bs.serving-sys.com *.marketo.com app.callrail.com *.jwpcdn.com www.youtube.com *.addthis.com m.addthisedge.com s.ytimg.com graph.facebook.com widgets.pinterest.com *.googleapis.com use.typekit.net *.northwell.edu video.limelight.com *.delvenetworks.com static.addtoany.com malihu.github.io ajax.aspnetcdn.com s.gravatar.com *.wp.com calltrk-production.s3.amazonaws.com *.googleadservices.com ajax.microsoft.com code.jquery.com api.html5media.info *.cloudfront.net *.jwpcdn.com *.newrelic.com bam.nr-data.net tagmanager.google.com *.surveymonkey.com console.brightwhistle.com js.callrail.com content.healthwise.net *.licdn.com *.linkedin.com *.bizographics.com *.influencehealth.com *.adnxs.com; object-src 'self' video.limelight.com assets.delvenetworks.com; style-src 'self' 'unsafe-inline' rtp-static.marketo.com *.googleapis.com *.bootstrapcdn.com *.northwell.edu malihu.github.io static.addtoany.com s.gravatar.com code.jquery.com *.cloudfront.net *.surveymonkey.com *.marketo.com *.adnxs.com *.linkedin.com; img-src 'self' data: *.google-analytics.com *.g.doubleclick.net www.facebook.com www.google.com jwpltx.com api.nslijweb.com csi.gstatic.com *.googleapis.com maps.gstatic.com img.delvenetworks.com *.llnw.net m.addthis.com *.northwell.edu northwellhealt.wpengine.com *.gravatar.com *.wp.com *.northwell.io *.cloudfront.net *.amazonaws.com www.bugherd.com *.surveymonkey.com img.youtube.com *.googleadservices.com maps.googleapis.com *.mxptint.net dpm.demdex.net ad.yieldmanager.com ad.afy11.net d.agkn.com idsync.rlcdn.com *.bluekai.com *.openx.net *.rubiconproject.com *.adnxs.com sync.adaptv.advertising.com *.linkedin.com; media-src 'self' *.llnw.net *.delvenetworks.com *.llnw.com; frame-src 'self' cdn-akamai.mookie1.com tags.tiqcdn.com s7.addthis.com www.youtube.com static.addtoany.com *.doubleclick.net www.google.com *.understand.com *.marketo.com *.sli.do *.facebook.com/tr/; font-src 'self' data: themes.googleusercontent.com fonts.gstatic.com *.bootstrapcdn.com www.bugherd.com; connect-src 'self' 'unsafe-inline' 309-lvl-470.mktoresp.com sjrtp4.marketo.com m.addthis.com *.pusherapp.com *.pusher.com www.bugherd.com *.google-analytics.com api.northwell.edu content.healthwise.net *.facebook.com *.adnxs.com; report-uri /admin/config/system/seckit/csp-report
  • sendevideoizle.com script-src http://*.scorecardresearch.com 'unsafe-inline'
  • www.chronicle.gi default-src 'self'
  • www.denkwerk.com default-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.denkwerk.com www.googletagmanager.com tagmanager.google.com www.google-analytics.com *.doubleclick.net; connect-src 'self' *.denkwerk.com; font-src 'self' *.denkwerk.com; media-src *.denkwerk.com player.vimeo.com *.vimeocdn.com gcs-vimeo.akamaized.net;
  • searchingresult.com default-src 'self'; script-src 'self' 'unsafe-inline'
  • backlinkshelf.com script-src http://*.scorecardresearch.com 'unsafe-inline'
  • fatfuckfrank.org default-src 'self'; script-src 'self' 'unsafe-inline'
  • bitdefender.com.au frame-ancestors 'self' http://www.bitdefender.com.au
  • silklyrics.com script-src http://*.scorecardresearch.com 'unsafe-inline'
  • artmodelscenter.com script-src http://*.scorecardresearch.com 'unsafe-inline'
  • www.theaustralian.com.au block-all-mixed-content; style-src https: 'unsafe-inline'; script-src https: blob: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; frame-src https:; report-uri https://collectors.au.sumologic.com/receiver/v1/http/ZaVnC4dhaV2fq-TmkezxDM5kD77zglzTUyrlNqPe059oQhlSBcEFmaLaBbMi5G2BkSSJjyA6wJZ-iUDLrux0ATja4lHZr94sfyyTtdVcA_GiHULLYxFY7Q==
  • wtfvidd.com script-src http://*.scorecardresearch.com 'unsafe-inline'
  • widememory.com default-src 'self'; script-src 'self'; object-src 'self'; img-src 'self'; media-src 'self'; frame-src 'self'; font-src 'self'; connect-src 'self'
  • bestgold.ru script-src 'self' 'unsafe-inline' 'unsafe-eval' http://adv.bestgold.ru https://apis.google.com http://www.google-analytics.com http://mc.yandex.ru http://*.jivosite.com http://yandex.st http://gold-affiliate.com https://gold-affiliate.com;
  • time2online.net default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.time2online.net code.jquery.com userapi.com recreativ.ru yandex.st *.yandex.ru onelitt.ru *.bubblesmedia.ru ad.kaniztra.com c.100im.info jsc.dt00.net *.marketgid.com am15.net *.am15.net *.tbn.ru openstat.net cdn.connect.mail.ru *.gstatic.com vk.com pagead2.googlesyndication.com www.google-analytics.com; object-src 'self' *.tvigle.ru ad.kaniztra.com videomore.ru *.1tv.ru *.molodejj.tv *.ivi.ru *.zoomby.ru www.gstatic.com; style-src 'self' 'unsafe-inline' *.marketgid.com recreativ.ru fonts.googleapis.com; img-src *; media-src 'self' *.mail.ru; frame-src 'self' *.am15.net *.tbn.ru *.1tv.ru yastatic.net connect.mail.ru www.youtube.com https://vk.com https://www.youtube.com vk.com rutube.ru *.rutv.ru veterok.tv *.videokub.me *.ntv.ru *.mail.ru *.now.ru *.molodejj.tv googleads.g.doubleclick.net; font-src 'self' data: fonts.gstatic.com; connect-src 'self' mc.yandex.ru videomore.ru *.1tv.ru *.1internet.tv rutube.ru *.molodejj.tv *.bubblesmedia.ru *.gstatic.com;
  • www.sbmgroup.mu report-uri /report-csp-violation
  • urlaubsguru.de frame-ancestors 'self' *.urlaubsguru.de urlaubsguru.de *.t-online.de t-online.de
  • tepapa.govt.nz default-src 'self' *.soundcloud.com *.sndcdn.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.googleapis.com *.typekit.net *.googletagmanager.com *.google-analytics.com *.pingdom.net www.catalyst-analytics.nz d3qy04aabho0yp.cloudfront.net *.simpleheatmaps.com www.tepapa.govt.nz *.twitter.com cdn.syndication.twimg.com *.instagram.com *.knightlab.com *.soundcloud.com *.hotjar.com; style-src 'self' 'unsafe-inline' *.bootstrapcdn.com *.typekit.net fonts.googleapis.com hello.myfonts.net *.twitter.com *.knightlab.com; img-src 'self' data: *.typekit.net *.google-analytics.com *.doubleclick.net *.shopify.com *.pingdom.net www.catalyst-analytics.nz *.simpleheatmaps.com www.tepapa.govt.nz *.twitter.com pbs.twimg.com dl.dropboxusercontent.com *.myfonts.net media.tepapa.govt.nz co3-api-mediastorage.s3-ap-southeast-2.amazonaws.com co3-api-mediastorage.s3.ap-southeast-2.amazonaws.com; frame-src 'self' *.bookitsecure.com google.com *.google.com tepapa.infospecs.co.nz *.youtube.com *.vimeo.com *.catalyst.net.nz radionz.co.nz jobs.tepapa.govt.nz *.tepapa.govt.nz tepapafoundation.secure.force.com sec.paymentexpress.com *.book2look.com *.boombox.com *.myfonts.net *.knightlab.com www.qzzr.com *.twitter.com *.instagram.com *.facebook.com *.hotjar.com *.soundcloud.com *.nzonscreen.com; font-src 'self' data: *.bootstrapcdn.com fonts.gstatic.com fonts.typekit.net www.tepapa.govt.nz cdn.knightlab.com; connect-src 'self' *.pingdom.net *.google-analytics.com spreadsheets.google.com *.myfonts.net *.hotjar.com graylog.hotjar.com; report-uri /report-csp-violation
  • cn-weitai.com script-src http://*.scorecardresearch.com 'unsafe-inline'
  • blogdohotelurbano.com script-src http://*.scorecardresearch.com 'unsafe-inline'