Content-Security-Policy Analysis for https://api.spotify.com

Open Cached · 5h ago

7 directives

Content-Security-Policy

Content-Security-Policy: base-uri 'self'; connect-src https://developer-assets.spotifycdn.com https://embed-cdn.spotifycdn.com https://stats.g.doubleclick.net https://*.googletagmanager.com https://*.analytics.google.com https://*.google-analytics.com https://translate.googleapis.com https://cdn.cookielaw.org https://*.onetrust.com https://*.spotify.com https://*.spotify.net https://*.spotify.dev https://*.sentry.io wss://*.spotify.com wss://*.spotify.net; form-action https:; frame-ancestors 'self' https://*.spotify.com https://*.spotify.net; object-src 'none'; script-src https://developer-assets.spotifycdn.com https://*.spotify.com https://*.spotify.net https://open.spotifycdn.com https://embed-cdn.spotifycdn.com https://*.googletagmanager.com https://*.analytics.google.com https://*.google-analytics.com https://translate.googleapis.com https://translate.google.com https://cdn.cookielaw.org 'unsafe-eval' 'sha256-WfsTi7oVogdF9vq5d14s2birjvCglqWF842fyHhzoNw=' https://open.spotify.com 'sha256-usT+6qPuOS6IkYtKfVmDANmKvyw2VIa1A0slyo1mSmw='; report-uri https://o22381.ingest.sentry.io/api/4504887026384896/security/?sentry_key=f4a7c7c55acb47ab8ff900050fce0bd4

base-uri Keyword —

'self'

connect-src Host —

https://developer-assets.spotifycdn.com

connect-src Host —

https://embed-cdn.spotifycdn.com

connect-src Host

Google DoubleClick

https://stats.g.doubleclick.net

connect-src Host

Google Tag Manager

https://*.googletagmanager.com

connect-src Host

Google Analytics

https://*.analytics.google.com

connect-src Host

Google Analytics

https://*.google-analytics.com

connect-src Host

Google Translate

https://translate.googleapis.com

connect-src Host

OneTrust

https://cdn.cookielaw.org

ASN | Cloudflare

connect-src Host

OneTrust

https://*.onetrust.com

ASN | Cloudflare

connect-src Host

Spotify

https://*.spotify.com

ASN | Google Cloud

connect-src Host —

https://*.spotify.net

ASN | Google Cloud

connect-src Host —

https://*.spotify.dev

ASN | Google Cloud

connect-src Host

Sentry

https://*.sentry.io

ASN | Google Cloud

connect-src Host

Spotify

wss://*.spotify.com

ASN | Google Cloud

connect-src Host —

wss://*.spotify.net

ASN | Google Cloud

form-action Scheme —

https:

frame-ancestors Keyword —

'self'

frame-ancestors Host

Spotify

https://*.spotify.com

ASN | Google Cloud

frame-ancestors Host —

https://*.spotify.net

ASN | Google Cloud

object-src Keyword —

'none'

script-src Host —

https://developer-assets.spotifycdn.com

script-src Host

Spotify

https://*.spotify.com

ASN | Google Cloud

script-src Host —

https://*.spotify.net

ASN | Google Cloud

script-src Host —

https://open.spotifycdn.com

script-src Host —

https://embed-cdn.spotifycdn.com

script-src Host

Google Tag Manager

https://*.googletagmanager.com

script-src Host

Google Analytics

https://*.analytics.google.com

script-src Host

Google Analytics

https://*.google-analytics.com

script-src Host

Google Translate

https://translate.googleapis.com

script-src Host

Google Translate

https://translate.google.com

script-src Host

OneTrust

https://cdn.cookielaw.org

ASN | Cloudflare

script-src Keyword —

'unsafe-eval'

script-src Hash —

'sha256-WfsTi7oVogdF9vq5d14s2birjvCglqWF842fyHhzoNw='

script-src Host

Spotify

https://open.spotify.com

script-src Hash —

'sha256-usT+6qPuOS6IkYtKfVmDANmKvyw2VIa1A0slyo1mSmw='

report-uri Host

Sentry

https://o22381.ingest.sentry.io/api/4504887026384896/security/?sentry_key=f4a7c7c55acb47ab8ff900050fce0bd4

ASN | Google Cloud

Content-Security-Policy-Report-Only

No report-only CSP headers found.