Content-Security-Policy Analysis for https://account.google.com

Open Cached · just now

5 directives

Content-Security-Policy

Content-Security-Policy: script-src 'report-sample' 'nonce-_uN0cGyVjABSGjyl0E9o0w' 'unsafe-inline' 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /cspreport, require-trusted-types-for 'script';report-uri /cspreport

script-src Keyword —

'report-sample'

script-src Nonce —

'nonce-_uN0cGyVjABSGjyl0E9o0w'

script-src Keyword —

'unsafe-inline'

script-src Keyword —

'unsafe-eval'

object-src Keyword —

'none'

base-uri Keyword —

'self'

report-uri Host —

/cspreport,

report-uri Host —

require-trusted-types-for

report-uri Keyword —

'script'

report-uri Host —

/cspreport

Content-Security-Policy-Report-Only

No report-only CSP headers found.