Content-Security-Policy Analysis for https://avisablue.com

Open Cached · just now

9 directives

Content-Security-Policy

Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-inline' https://apis.google.com; connect-src 'self' https://*.googleapis.com https://*.firebaseio.com wss://*.firebaseio.com https://*.cloudfunctions.net https://*.run.app; style-src 'self' 'unsafe-inline'; img-src 'self' data: https:; font-src 'self'; frame-src 'self' https://*.firebaseapp.com https://accounts.google.com; base-uri 'self'; form-action 'self' https://accounts.google.com

default-src Keyword —

'self'

script-src Keyword —

'self'

script-src Keyword —

'unsafe-inline'

script-src Host

Google API JS Client

https://apis.google.com

connect-src Keyword —

'self'

connect-src Host

Google API JS Client

https://*.googleapis.com

connect-src Host

Firebase

https://*.firebaseio.com

connect-src Host

Firebase

wss://*.firebaseio.com

connect-src Host

Google Cloud Functions

https://*.cloudfunctions.net

connect-src Host

Google Cloud Run

https://*.run.app

style-src Keyword —

'self'

style-src Keyword —

'unsafe-inline'

img-src Keyword —

'self'

img-src Scheme —

data:

img-src Scheme —

https:

font-src Keyword —

'self'

frame-src Keyword —

'self'

frame-src Host

Firebase

https://*.firebaseapp.com

frame-src Host

Google Sign-In

https://accounts.google.com

base-uri Keyword —

'self'

form-action Keyword —

'self'

form-action Host

Google Sign-In

https://accounts.google.com

Content-Security-Policy-Report-Only

No report-only CSP headers found.