Content-Security-Policy Analysis for https://backoffice-risco360.creditoexpress.com.br

Open Cached · just now

1 directives

Content-Security-Policy

Content-Security-Policy: default-src 'self' data: 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.hotjar.com https://api.bcb.gov.br wss://ws4.hotjar.com *.hotjar.io *.firebaseio.com data: blob:

default-src Keyword —

'self'

default-src Scheme —

data:

default-src Keyword —

'unsafe-inline'

default-src Keyword —

'unsafe-eval'

default-src Host

Google API JS Client

*.googleapis.com

ASN | Google

default-src Host

Hotjar

*.hotjar.com

ASN | Amazon

default-src Host —

https://api.bcb.gov.br

ASN | Microsoft

default-src Host

Hotjar

wss://ws4.hotjar.com

default-src Host

Hotjar

*.hotjar.io

default-src Host

Firebase

*.firebaseio.com

default-src Scheme —

data:

default-src Scheme —

blob:

Content-Security-Policy-Report-Only

No report-only CSP headers found.