Content-Security-Policy Analysis for https://cdn.czno.com

Open Cached · just now

16 directives

Content-Security-Policy

No enforced CSP headers found.

Content-Security-Policy-Report-Only

Content-Security-Policy-Report-Only: default-src 'self'; script-src 'self' 'nonce-Podclez3ZFmLxf1J7DFuIA==' 'strict-dynamic' 'unsafe-eval' blob:; style-src 'self' 'unsafe-inline' *.czno.com; style-src-attr 'unsafe-inline'; img-src 'self' data: *.mtch.com blob: https:; font-src 'self' *.match.com *.cookielaw.org *.onetrust.com *.optanon.com *.gstatic.com *.googleapis.com *.czno.com; connect-src 'self' https: blob: ; frame-src 'self' *.match.com *.googletagmanager.com *.doubleclick.net *.googlesyndication.com *.adtrafficquality.google *.adnxs.com *.criteo.com *.criteo.net *.rubiconproject.com ads.pubmatic.com js-sec.indexww.com *.pinterest.com *.snapchat.com *.facebook.com *.match.com *.mtch.com *.arkoselabs.com *.nift.me; media-src 'self' data:; object-src 'none'; base-uri 'self'; form-action 'self' *.facebook.com; frame-ancestors 'self' *.match.com; manifest-src 'self'; worker-src 'self' blob:; report-uri /csp-violation-report;

default-src Keyword —

'self'

script-src Keyword —

'self'

script-src Nonce —

'nonce-Podclez3ZFmLxf1J7DFuIA=='

script-src Keyword —

'strict-dynamic'

script-src Keyword —

'unsafe-eval'

script-src Scheme —

blob:

style-src Keyword —

'self'

style-src Keyword —

'unsafe-inline'

style-src Host —

*.czno.com

style-src-attr Keyword —

'unsafe-inline'

img-src Keyword —

'self'

img-src Scheme —

data:

img-src Host —

*.mtch.com

ASN | Cloudflare

img-src Scheme —

blob:

img-src Scheme —

https:

font-src Keyword —

'self'

font-src Host —

*.match.com

ASN | Cloudflare

font-src Host

OneTrust

*.cookielaw.org

ASN | Cloudflare

font-src Host

OneTrust

*.onetrust.com

ASN | Cloudflare

font-src Host —

*.optanon.com

ASN | Cloudflare

font-src Host

Google Static File Front End

*.gstatic.com

font-src Host

Google API JS Client

*.googleapis.com

font-src Host —

*.czno.com

connect-src Keyword —

'self'

connect-src Scheme —

https:

connect-src Scheme —

blob:

frame-src Keyword —

'self'

frame-src Host —

*.match.com

ASN | Cloudflare

frame-src Host

Google Tag Manager

*.googletagmanager.com

frame-src Host

Google DoubleClick

*.doubleclick.net

frame-src Host

Google AdSense

*.googlesyndication.com

frame-src Host

Google AdSense

*.adtrafficquality.google

frame-src Host

AppNexus (Xandr)

*.adnxs.com

ASN | ASN-APPNEXUS - Xandr Inc.

frame-src Host

Criteo

*.criteo.com

frame-src Host

Criteo

*.criteo.net

frame-src Host

Rubicon Project

*.rubiconproject.com

ASN | SWITCH-LTD - SWITCH

frame-src Host

PubMatic

ads.pubmatic.com

frame-src Host

Index Exchange

js-sec.indexww.com

ASN | Cloudflare

frame-src Host

Pinterest

*.pinterest.com

frame-src Host

Snapchat

*.snapchat.com

ASN | Google Cloud

frame-src Host

Facebook

*.facebook.com

frame-src Host —

*.match.com

ASN | Cloudflare

frame-src Host —

*.mtch.com

ASN | Cloudflare

frame-src Host

Arkose Labs

*.arkoselabs.com

frame-src Host —

*.nift.me

media-src Keyword —

'self'

media-src Scheme —

data:

object-src Keyword —

'none'

base-uri Keyword —

'self'

form-action Keyword —

'self'

form-action Host

Facebook

*.facebook.com

frame-ancestors Keyword —

'self'

frame-ancestors Host —

*.match.com

ASN | Cloudflare

manifest-src Keyword —

'self'

worker-src Keyword —

'self'

worker-src Scheme —

blob:

report-uri Host —

/csp-violation-report