Content-Security-Policy Analysis for https://app.clipchamp.com

Open Cached · just now

12 directives

Content-Security-Policy

Content-Security-Policy: frame-ancestors https://*.box.com/ https://www.microsoft.com/ 'self'; base-uri 'self'; form-action https://www.facebook.com https://www.microsoft.com; object-src 'none'; script-src 'self' https: 'unsafe-eval' 'sha256-kku4Td90tvWRjRfWM2//FkpDVijaluU9wwSG7BJD6pE=' https://translate.google.com https://translate.googleapis.com 'report-sample'; worker-src 'self' blob:; report-to CREMSEndpoint; report-uri https://csp.microsoft.com/report/Clipchamp-Classic-PROD

frame-ancestors Host

Box

https://*.box.com/

ASN | Google Cloud

frame-ancestors Host —

https://www.microsoft.com/

ASN | Akamai

frame-ancestors Keyword —

'self'

base-uri Keyword —

'self'

form-action Host

Facebook

https://www.facebook.com

ASN | Facebook

form-action Host —

https://www.microsoft.com

ASN | Akamai

object-src Keyword —

'none'

script-src Keyword —

'self'

script-src Scheme —

https:

script-src Keyword —

'unsafe-eval'

script-src Hash —

'sha256-kku4Td90tvWRjRfWM2//FkpDVijaluU9wwSG7BJD6pE='

script-src Host

Google Translate

https://translate.google.com

ASN | Google

script-src Host

Google Translate

https://translate.googleapis.com

ASN | Google

script-src Keyword —

'report-sample'

worker-src Keyword —

'self'

worker-src Scheme —

blob:

report-to Host —

CREMSEndpoint

report-uri Host —

https://csp.microsoft.com/report/Clipchamp-Classic-PROD

ASN | Microsoft

Content-Security-Policy-Report-Only

Content-Security-Policy-Report-Only: manifest-src 'self'; font-src 'self' https://clipchamp.com https://fonts.gstatic.com https://use.fontawesome.com https://res-1.cdn.office.net; report-to CREMSEndpoint; report-uri https://csp.microsoft.com/report/Clipchamp-Classic-PROD

manifest-src Keyword —

'self'

font-src Keyword —

'self'

font-src Host —

https://clipchamp.com

ASN | Microsoft

font-src Host