Content-Security-Policy Analysis for https://api.gitlabhost.com

Open Cached · 3h ago

9 directives

Content-Security-Policy

Content-Security-Policy: font-src 'self' https://fonts.gstatic.com data:; default-src 'self'; frame-ancestors 'self'; connect-src 'self' https://www.google.com/recaptcha/; base-uri 'self'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; script-src 'nonce-EKLqRM0tS9yZh3ChXwbYig==' 'strict-dynamic'; img-src 'self' data:; frame-src 'self' 'unsafe-inline' https://www.google.com/recaptcha/

font-src Keyword —

'self'

font-src Host

Google Fonts

https://fonts.gstatic.com

font-src Scheme —

data:

default-src Keyword —

'self'

frame-ancestors Keyword —

'self'

connect-src Keyword —

'self'

connect-src Host

Google reCAPTCHA

https://www.google.com/recaptcha/

base-uri Keyword —

'self'

style-src Keyword —

'self'

style-src Keyword —

'unsafe-inline'

style-src Host

Google Fonts

https://fonts.googleapis.com

script-src Nonce —

'nonce-EKLqRM0tS9yZh3ChXwbYig=='

script-src Keyword —

'strict-dynamic'

img-src Keyword —

'self'

img-src Scheme —

data:

frame-src Keyword —

'self'

frame-src Keyword —

'unsafe-inline'

frame-src Host

Google reCAPTCHA

https://www.google.com/recaptcha/

Content-Security-Policy-Report-Only

No report-only CSP headers found.