Content-Security-Policy Analysis for https://cards-dev.twitter.com

Open Cached · just now

10 directives

Content-Security-Policy

Content-Security-Policy: default-src 'none'; img-src https://abs.twimg.com; script-src https://abs.twimg.com about:; style-src https://abs.twimg.com 'unsafe-inline'; font-src https://abs.twimg.com https://twitter.com; connect-src 'none'; object-src 'none'; media-src 'none'; frame-src 'none'; report-uri https://twitter.com/i/csp_report?a=ORTGK%3D%3D%3D&ro=false

default-src Keyword —

'none'

img-src Host

Twitter

https://abs.twimg.com

ASN | Cloudflare

script-src Host

Twitter

https://abs.twimg.com

ASN | Cloudflare

script-src Scheme —

about:

style-src Host

Twitter

https://abs.twimg.com

ASN | Cloudflare

style-src Keyword —

'unsafe-inline'

font-src Host

Twitter

https://abs.twimg.com

ASN | Cloudflare

font-src Host

Twitter

https://twitter.com

ASN | Cloudflare

connect-src Keyword —

'none'

object-src Keyword —

'none'

media-src Keyword —

'none'

frame-src Keyword —

'none'

report-uri Host

Twitter

https://twitter.com/i/csp_report?a=ORTGK%3D%3D%3D&ro=false

ASN | Cloudflare

Content-Security-Policy-Report-Only

No report-only CSP headers found.