X-Webkit-Csp-Report-Only HTTP Header
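Common values for this header
Note: X-Webkit-Csp-Report-Only is the legacy WebKit-prefixed form of the standard Content-Security-Policy-Report-Only header. A report-only policy is not enforced: the browser only sends violation reports to the report-uri endpoint, if one is given. The values below are samples listed as-is, not recommended policies. Many allow 'unsafe-inline', 'unsafe-eval' or broad wildcards such as http://* https://*, which would give little protection against script injection if enforced. Some also contain apparent syntax slips, left unchanged here: 'none' combined with other sources, where 'none' is ignored, and a bare https where the scheme source https: was presumably intended.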
- default-src 'none' https://aws.amazon.com https://*.signin.aws.amazon.com https://signin.aws.amazon.com 'unsafe-inline'; img-src 'self' https://*.signin.aws.amazon.com https://signin.aws.amazon.com https://images-na.ssl-images-amazon.com https://d1.awsstatic.com https://internal-cdn.amazon.com https://media.amazonwebservices.com https://s3.amazonaws.com https://d36cz9buwru1tt.cloudfront.net; media-src 'self' https://*.signin.aws.amazon.com https://signin.aws.amazon.com https://media.amazonwebservices.com https://d36cz9buwru1tt.cloudfront.net; script-src 'self' https://aws.amazon.com https://*.signin.aws.amazon.com https://signin.aws.amazon.com https://l0.awsstatic.com https://aws.amazon.com 'unsafe-inline'; style-src 'self' https://aws.amazon.com https://*.signin.aws.amazon.com https://signin.aws.amazon.com https://l0.awsstatic.com 'unsafe-inline'; report-uri /metrics/cspreport;
- default-src http://* https://* 'unsafe-inline' 'unsafe-eval' chrome-extension:; connect-src http://* https://* 'unsafe-inline' 'unsafe-eval' chrome-extension:; font-src http://* https://* 'unsafe-inline' 'unsafe-eval' data: chrome-extension:; frame-src http://* https://* 'unsafe-inline' 'unsafe-eval' chrome-extension:; img-src http://* https://* data: chrome-extension:; media-src http://* https://* 'unsafe-inline' 'unsafe-eval' chrome-extension:; object-src http://* https://* 'unsafe-inline' 'unsafe-eval' chrome-extension:; script-src http://* https://* 'unsafe-inline' 'unsafe-eval' chrome-extension:; style-src http://* https://* 'unsafe-inline' 'unsafe-eval' chrome-extension:;
- default-src 'none' https://signin.amazonaws-us-gov.com 'unsafe-inline'; img-src 'self' https://signin.amazonaws-us-gov.com https://images-na.ssl-images-amazon.com https://d1.awsstatic.com https://internal-cdn.amazon.com/ https://media.amazonwebservices.com https://s3.amazonaws.com https://d36cz9buwru1tt.cloudfront.net; media-src 'self' https://signin.amazonaws-us-gov.com https://media.amazonwebservices.com https://d36cz9buwru1tt.cloudfront.net; script-src 'self' https://signin.amazonaws-us-gov.com https://l0.awsstatic.com 'unsafe-inline'; style-src 'self' https://signin.amazonaws-us-gov.com 'unsafe-inline'; report-uri /metrics/cspreport;
- default-src https: 'unsafe-inline' 'unsafe-eval'; report-uri http://log.foto.mail.ru/csperr/; img-src https://* data: ; frame-src https://* about: javascript:
- default-src 'none' https; img-src 'self' https://signin.aws.amazon.com/ https://internal-cdn.amazon.com/ s3.cn-north-1.amazonaws.com.cn https://media.amazonwebservices.com https://s3.amazonaws.com https://aws-marketing.integ.amazon.com https://*.cloudfront.net; media-src 'self' https://media.amazonwebservices.com https://*.cloudfront.net; script-src 'self' signin.aws.amazon.com 'unsafe-inline'; style-src 'self' 'unsafe-inline'; report-uri /metrics/cspreport;
- media-src *.vaultdev.com *.vod309.com *.veevavault.com; img-src data: *.vaultdev.com *.vod309.com https://*.vaultdev.com *.veevavault.com *.live.com *.veevaalign.com; object-src *.vod309.com *.veevavault.com *.vaultdev.com; base-uri *.vaultdev.com *.vod309.com *.veevavault.com; default-src 'self' *.veevaalign.com *.vaultdev.com *.vod309.com; script-src 'unsafe-inline' 'unsafe-eval' 'self' *.vaultdev.com *.googleapi.com *.veevavault.com *.vod309.com https://getsatisfaction.com https://ajax.googleapis.com https://loader.engage.gsfn.us https://jsagent.tcell.io; manifest-src 'none'; style-src 'unsafe-inline' 'unsafe-eval' *; font-src 'self' data: *.vaultdev.com *.vod309.com *.veevavault.com; child-src * blob:; frame-src * blob:; connect-src 'self' *.veevavault.com *.vod309.com *.vaultdev.com *.tcell.io; report-uri https://input.tcell.io/csp/a5ce720c7e0203f2bc6dbe086f38a23188d1fa3e54699be6dadc202defea09d3?tid=870d32b0-7eb2-4334-83e2-43a79aab38fa
- style-src 'self' *.google-analytics.com *.googleapis.com *.gstatic.com *.google.com *.doubleclick.net *.bootstrapcdn.com *.intercomcdn.com *.intercom.io *.jquery.com *.vimeo.com 'unsafe-inline'; script-src 'self' *.google-analytics.com *.googleapis.com *.gstatic.com *.google.com *.doubleclick.net *.bootstrapcdn.com *.intercomcdn.com *.intercom.io *.jquery.com *.vimeo.com 'unsafe-inline' 'unsafe-eval'; img-src 'self' *.google-analytics.com *.googleapis.com *.gstatic.com *.google.com *.doubleclick.net *.bootstrapcdn.com *.intercomcdn.com *.intercom.io *.jquery.com *.vimeo.com data:; default-src 'self' *.google-analytics.com *.googleapis.com *.gstatic.com *.google.com *.doubleclick.net *.bootstrapcdn.com *.intercomcdn.com *.intercom.io *.jquery.com *.vimeo.com; report-uri /security/cspViolationReport
- default-src 'self'; script-src 'self'; object-src 'self'; style-src 'self'; img-src 'self'; media-src 'self'; frame-src 'self'; font-src 'self'; report-uri /admin/config/system/seckit/csp-report
- default-src 'self' *.goodgame.ru wss:; script-src blob: 'self' 'unsafe-inline' 'unsafe-eval' *.goodgame.ru *.yandex.ru *.google-analytics.com *.mail.ru *.googleapis.com vk.com; style-src 'self' 'unsafe-inline' *.goodgame.ru *.googleapis.com; img-src *; media-src * blob:; frame-src *; font-src *; report-uri https://goodgame.report-uri.io/r/default/csp/reportOnly
- default-src https:; script-src 'self' https://www.gstatic.com data: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; img-src data: cisdominion.com; report-uri https://cisdominion.com/lanzadera/api/Csp
- default-src 'self' blob: data: http://cdn.tagcommander.com https://cdn.tagcommander.com http://logw344.ati-host.net http://youtube.com http://www.youtube.com https://www.youtube.com https://s.ytimg.com https://youtube.com http://stats.g.doubleclick.net https://stats.g.doubleclick.net https://stats.g.doubleclick.net/* https://www.google.com https://www.gstatic.com http://www.google-analytics.com https://fonts.gstatic.com https://maps.googleapis.com https://fonts.googleapis.com https://mts0.googleapis.com https://mts1.googleapis.com http://connect.facebook.net https://connect.facebook.net http://staticxx.facebook.com https://staticxx.facebook.com https://www.facebook.com http://localhost 'unsafe-inline' 'unsafe-eval'; img-src 'self' data: blob: 'unsafe-inline' 'unsafe-eval' *; report-uri https://www.axa.com.mycsp-report
- object-src data: 'self' *.yeloplay.be *.telenet-ops.be; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.telenet.be *.yeloplay.be *.telenet-ops.be; img-src data: 'unsafe-inline' 'self' *.telenet.be *.yeloplay.be *.telenet-ops.be; style-src 'self' 'unsafe-inline'; media-src data: blob: 'self' *.telenet.be *.yeloplay.be *.telenet-ops.be; plugin-types application/silverlight application/x-silverlight; default-src 'self' *.telenet.be *.yeloplay.be *.telenet-ops.be; report-uri /report-violation
Related headers