Content-Security-Policy Analysis for https://combine.block64.com

Open Cached · just now

8 directives

Content-Security-Policy

Content-Security-Policy: default-src 'none'; connect-src 'self' https://*.block64.com https://*.google-analytics.com; img-src 'self' https://*.block64.com https://*.google-analytics.com data:; worker-src 'self' blob:; script-src 'unsafe-inline' 'unsafe-eval' 'self' https://*.google-analytics.com https://*.gstatic.com https://*.googletagmanager.com https://status.block64.com; style-src 'unsafe-inline' 'self'; font-src 'self' https://*.block64.com https://fonts.gstatic.com data:; frame-src https://*.statuspage.io https://copilotstudio.microsoft.com

default-src Keyword —

'none'

connect-src Keyword —

'self'

connect-src Host —

https://*.block64.com

ASN | Cloudflare

connect-src Host

Google Analytics

https://*.google-analytics.com

img-src Keyword —

'self'

img-src Host —

https://*.block64.com

ASN | Cloudflare

img-src Host

Google Analytics

https://*.google-analytics.com

img-src Scheme —

data:

worker-src Keyword —

'self'

worker-src Scheme —

blob:

script-src Keyword —

'unsafe-inline'

script-src Keyword —

'unsafe-eval'

script-src Keyword —

'self'

script-src Host

Google Analytics

https://*.google-analytics.com

script-src Host

Google Static File Front End

https://*.gstatic.com

script-src Host

Google Tag Manager

https://*.googletagmanager.com

script-src Host —

https://status.block64.com

style-src Keyword —

'unsafe-inline'

style-src Keyword —

'self'

font-src Keyword —

'self'

font-src Host —

https://*.block64.com

ASN | Cloudflare

font-src Host

Google Fonts

https://fonts.gstatic.com

font-src Scheme —

data:

frame-src Host

Statuspage

https://*.statuspage.io

frame-src Host —

https://copilotstudio.microsoft.com

ASN | Microsoft

Content-Security-Policy-Report-Only

No report-only CSP headers found.