Content-Security-Policy Analysis for https://demo.meddbase.com

Open Cached · just now

8 directives

Content-Security-Policy

Content-Security-Policy: default-src 'self' *.meddbase.com *.sagepay.com *.elavon.com *.gstatic.com *.google.com *.googleapis.com  *.redoc.ly 'unsafe-eval' 'unsafe-inline' ms-word: ms-excel: ms-powerpoint: ms-visio:; img-src 'self' * data: blob:; font-src 'self' * data:; object-src 'self' *.meddbase.com *.sagepay.com *.elavon.com 'unsafe-eval' 'unsafe-inline' ms-word: ms-excel: ms-powerpoint: ms-visio: data:; frame-src 'self' *.meddbase.com *.sagepay.com *.elavon.com *.americanexpress.com *.touchtechpayments.com 'unsafe-eval' 'unsafe-inline' ms-word: ms-excel: ms-powerpoint: ms-visio: blob: *.visbion.com;connect-src 'self' *.meddbase.com *.googleapis.com *.sagepay.com *.elavon.com wss://*.meddbase.com ws://*.meddbase.com blob:; report-uri /webservices/cspreport; worker-src 'self' blob:

default-src Keyword —

'self'

default-src Host —

*.meddbase.com

ASN | Cloudflare

default-src Host —

*.sagepay.com

ASN | Incapsula

default-src Host —

*.elavon.com

ASN | US-BANCORP - U.S. BANCORP

default-src Host

Google Static File Front End

*.gstatic.com

default-src Host

Google Search

*.google.com

default-src Host

Google API JS Client

*.googleapis.com

default-src Host —

*.redoc.ly

default-src Keyword —

'unsafe-eval'

default-src Keyword —

'unsafe-inline'

default-src Scheme —

ms-word:

default-src Scheme —

ms-excel:

default-src Scheme —

ms-powerpoint:

default-src Scheme —

ms-visio:

img-src Keyword —

'self'

img-src Host —

*

img-src Scheme —

data:

img-src Scheme —

blob:

font-src Keyword —

'self'

font-src Host —

*

font-src Scheme —

data:

object-src Keyword —

'self'

object-src Host —

*.meddbase.com

ASN | Cloudflare

object-src Host —

*.sagepay.com

ASN | Incapsula

object-src Host —

*.elavon.com

ASN | US-BANCORP - U.S. BANCORP

object-src Keyword —

'unsafe-eval'

object-src Keyword —

'unsafe-inline'

object-src Scheme —

ms-word:

object-src Scheme —

ms-excel:

object-src Scheme —

ms-powerpoint:

object-src Scheme —

ms-visio:

object-src Scheme —

data:

frame-src Keyword —

'self'

frame-src Host —

*.meddbase.com

ASN | Cloudflare

frame-src Host —

*.sagepay.com

ASN | Incapsula

frame-src Host —

*.elavon.com

ASN | US-BANCORP - U.S. BANCORP

frame-src Host —

*.americanexpress.com

frame-src Host —

*.touchtechpayments.com

ASN | AlexHost ALEXHOST SRL

frame-src Keyword —

'unsafe-eval'

frame-src Keyword —

'unsafe-inline'

frame-src Scheme —

ms-word:

frame-src Scheme —

ms-excel:

frame-src Scheme —

ms-powerpoint:

frame-src Scheme —

ms-visio:

frame-src Scheme —

blob:

frame-src Host —

*.visbion.com

ASN | VDATA Redcentric Solutions Ltd

connect-src Keyword —

'self'

connect-src Host —

*.meddbase.com

ASN | Cloudflare

connect-src Host

Google API JS Client

*.googleapis.com

connect-src Host —

*.sagepay.com

ASN | Incapsula

connect-src Host —

*.elavon.com

ASN | US-BANCORP - U.S. BANCORP

connect-src Host —

wss://*.meddbase.com

ASN | Cloudflare

connect-src Host —

ws://*.meddbase.com

ASN | Cloudflare

connect-src Scheme —

blob:

report-uri Host —

/webservices/cspreport

worker-src Keyword —

'self'

worker-src Scheme —

blob:

Content-Security-Policy-Report-Only

No report-only CSP headers found.