Why does my Content Security Policy work everywher

Published 2019-06-22 09:25

Question:

I have defined my security policy as:

default-src 'self'; script-src 'self'; frame-src 'self';  style-src 'self' 'unsafe-inline'; 

(I still have CSS at the head of several pages).

I have no trouble with Firefox or Chrome (IE doesn't support CSP yet) but, when I try testing in Safari, I get a string of errors like:

Refused to load style from 'http://localhost/styles/alliance.css' because of Content-Security-Policy.
...
Refused to load image from 'http://localhost/images/Landing1.jpg' because of Content-Security-Policy.
...
Refused to load script from 'http://localhost/JQuery/jquery-1.7.2.min.js' because of Content-Security-Policy.

The images should be covered by default-src and the other two are listed as 'self', so I don't know why Safari is not accepting my images and scripts. I do not have a Mac, so I am using Safari on Windows (5.1.7).

Any ideas? Thank you!

Answer 1:

Safari 5 is a bit behind in its implementation of CSP. Safari 6 is much better, but I don't think it's been released for Windows. I think you're simply seeing implementation bugs. If WebKit nightlies are available for Windows, that might be a good alternative for testing.

Honestly, though, I wouldn't recommend serving the X-WebKit-CSP header to Safari 5. Safari 6, yes, but 5 is a bit too broken to really use.

Note also that you can simplify your policy. Both script-src and frame-src will fall back to default-src. default-src 'self'; style-src 'self' 'unsafe-inline' should have the same effect.
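One way to check the fallback claim above without relying on any particular browser, as an added example that is not part of the original answer or of any browser's CSP code: a small Python evaluator that parses a policy string, resolves the default-src fallback for fetch directives, and decides whether a resource URL is allowed for a page at a given origin. It assumes the page in the question is served from http://localhost (a constructed value taken from the error messages) and models the CSP 1.0-era rule where frame-src inherits directly from default-src; it handles 'self', 'none', '*', scheme sources and host sources with a leading *. wildcard, and treats 'unsafe-inline', nonces and hashes as never matching a URL.

```python
from urllib.parse import urlsplit

# Fetch directives that inherit default-src when absent from the policy.
# CSP 1.0 (the era of the question) let frame-src fall back straight to
# default-src; CSP 3 routes it through child-src first. Modelled as direct here.
FETCH_DIRECTIVES = {
    "script-src", "style-src", "img-src", "font-src", "connect-src",
    "media-src", "object-src", "frame-src",
}
DEFAULT_PORTS = {"http": 80, "https": 443}


def parse_csp(policy):
    """Split a policy string into {directive: [source expressions]}."""
    directives = {}
    for clause in policy.split(";"):
        tokens = clause.split()
        if not tokens:
            continue
        name, sources = tokens[0].lower(), tokens[1:]
        directives.setdefault(name, sources)  # duplicate directive: first one wins
    return directives


def effective_sources(directives, directive):
    """Source list governing `directive` after default-src fallback; None = unrestricted."""
    if directive in directives:
        return directives[directive]
    if directive in FETCH_DIRECTIVES:
        return directives.get("default-src")
    return None  # non-fetch directives (e.g. form-action) never inherit default-src


def _origin(url):
    u = urlsplit(url)
    scheme = u.scheme.lower()
    return (scheme, (u.hostname or "").lower(), u.port or DEFAULT_PORTS.get(scheme))


def _host_source_matches(source, resource_url):
    """Match a host source such as https://cdn.example.com, cdn.example.com:8443 or *.example.com."""
    if "://" not in source:  # scheme-less host source takes the resource's scheme
        source = urlsplit(resource_url).scheme + "://" + source
    s, r = urlsplit(source), urlsplit(resource_url)
    if s.scheme.lower() != r.scheme.lower():
        return False
    s_host, r_host = (s.hostname or "").lower(), (r.hostname or "").lower()
    if s_host.startswith("*."):
        if not r_host.endswith(s_host[1:]):  # "*.example.com" matches "cdn.example.com"
            return False
    elif s_host != r_host:
        return False
    if s.port is not None and s.port != (r.port or DEFAULT_PORTS.get(r.scheme.lower())):
        return False
    return True


def source_matches(source, resource_url, page_url):
    if source == "'none'":
        return False
    if source == "'self'":
        return _origin(resource_url) == _origin(page_url)
    if source == "*":
        return True
    if source.startswith("'"):
        return False  # 'unsafe-inline', 'nonce-...', 'sha256-...' never match a URL
    if source.endswith(":"):  # scheme source such as https:
        return urlsplit(resource_url).scheme.lower() == source[:-1].lower()
    return _host_source_matches(source, resource_url)


def is_allowed(policy, directive, resource_url, page_url):
    """True if a page at `page_url` may load `resource_url` under `directive`."""
    sources = effective_sources(parse_csp(policy), directive)
    if sources is None:
        return True
    return any(source_matches(src, resource_url, page_url) for src in sources)


def same_effective_policy(policy_a, policy_b, directives=FETCH_DIRECTIVES):
    """Compare two policies directive by directive after fallback resolution."""
    a, b = parse_csp(policy_a), parse_csp(policy_b)
    return all(effective_sources(a, d) == effective_sources(b, d) for d in directives)


# Constructed sample: the question's policy, the simplified form from the answer,
# and the three same-origin URLs that Safari 5 refused.
ORIGINAL = "default-src 'self'; script-src 'self'; frame-src 'self'; style-src 'self' 'unsafe-inline';"
SIMPLIFIED = "default-src 'self'; style-src 'self' 'unsafe-inline'"
PAGE = "http://localhost/index.html"  # assumed page URL
REFUSED_BY_SAFARI5 = [
    ("style-src", "http://localhost/styles/alliance.css"),
    ("img-src", "http://localhost/images/Landing1.jpg"),
    ("script-src", "http://localhost/JQuery/jquery-1.7.2.min.js"),
]

if __name__ == "__main__":
    for directive, url in REFUSED_BY_SAFARI5:
        verdict = "allowed" if is_allowed(ORIGINAL, directive, url, PAGE) else "blocked"
        print(f"{directive:11} {url}: {verdict}")
    print("simplified policy equivalent:", same_effective_policy(ORIGINAL, SIMPLIFIED))
    print("cross-origin script allowed:",
          is_allowed(ORIGINAL, "script-src", "https://cdn.example.com/lib.js", PAGE))
```

Under this evaluator all three refused URLs are allowed by the question's policy (they share the page's scheme, host and port), the original and simplified policies resolve identically for every fetch directive, and a cross-origin script is still blocked; a port mismatch such as http://localhost:8080 also fails 'self', which is a common reason a policy that "should work" blocks a resource during local testing.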