Content-Security-Policy Analysis for https://bis.se

Open Cached · just now

9 directives

Content-Security-Policy

Content-Security-Policy: script-src 'self' 'nonce-NzJkZmI3ODgtMDFiYy00M2JjLTliNmItMWI4YzNjZTc1MzY5' 'strict-dynamic' https: http: 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; font-src 'self'; object-src 'none'; base-uri 'self'; form-action 'self'; frame-ancestors 'none'; block-all-mixed-content; upgrade-insecure-requests;

script-src Keyword —

'self'

script-src Nonce —

'nonce-NzJkZmI3ODgtMDFiYy00M2JjLTliNmItMWI4YzNjZTc1MzY5'

script-src Keyword —

'strict-dynamic'

script-src Scheme —

https:

script-src Scheme —

http:

script-src Keyword —

'unsafe-inline'

script-src Keyword —

'unsafe-eval'

style-src Keyword —

'self'

style-src Keyword —

'unsafe-inline'

font-src Keyword —

'self'

object-src Keyword —

'none'

base-uri Keyword —

'self'

form-action Keyword —

'self'

frame-ancestors Keyword —

'none'

block-all-mixed-content Source —

(no sources)

upgrade-insecure-requests Source —

(no sources)

Content-Security-Policy-Report-Only

No report-only CSP headers found.