Content-Security-Policy Analysis for https://app.optimizely.com

Open Cached · just now

7 directives

Content-Security-Policy

Content-Security-Policy: script-src http: https: 'self' 'unsafe-inline' 'unsafe-eval' 'report-sample' 'strict-dynamic' 'nonce-H31nC3d/MdZWSH54wmoJog=='; img-src data: http: https:; base-uri 'self'; plugin-types application/x-shockwave-flash application/pdf; object-src https://app.optimizely.com/static/includes/swf/ZeroClipboard.swf; frame-ancestors https://app.optimizely.com http://localhost:8000 https://app.experimentengine.com https://app-staging.experimentengine.com https://demo.experimentengine.com https://teams.optimizely.com; report-uri https://cspreporter.optimizely.com/report/999f2de5-b04d-4544-95c6-39705e57da35;

script-src Scheme —

http:

script-src Scheme —

https:

script-src Keyword —

'self'

script-src Keyword —

'unsafe-inline'

script-src Keyword —

'unsafe-eval'

script-src Keyword —

'report-sample'

script-src Keyword —

'strict-dynamic'

script-src Nonce —

'nonce-H31nC3d/MdZWSH54wmoJog=='

img-src Scheme —

data:

img-src Scheme —

http:

img-src Scheme —

https:

base-uri Keyword —

'self'

plugin-types Host —

application/x-shockwave-flash

plugin-types Host —

application/pdf

object-src Host

Optimizely

https://app.optimizely.com/static/includes/swf/ZeroClipboard.swf

ASN | Cloudflare

frame-ancestors Host

Optimizely

https://app.optimizely.com

ASN | Cloudflare

frame-ancestors Host —

http://localhost:8000

frame-ancestors Host —

https://app.experimentengine.com

frame-ancestors Host —

https://app-staging.experimentengine.com

frame-ancestors Host —

https://demo.experimentengine.com

frame-ancestors Host

Optimizely

https://teams.optimizely.com

report-uri Host

Optimizely

https://cspreporter.optimizely.com/report/999f2de5-b04d-4544-95c6-39705e57da35

Content-Security-Policy-Report-Only

No report-only CSP headers found.