Content-Security-Policy Analysis for https://dev.iqrf.org

Open Cached · just now

11 directives

Content-Security-Policy

Content-Security-Policy-Report-Only: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://s.ytimg.com https://www.youtube.com https://www.youtube-nocookie.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.google-analytics.com https://ssl.google-analytics.com https://cse.google.com/ https://www.google.com/cse/; script-src-elem *; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://www.google.com/cse/ https://translate.googleapis.com https://clients1.google.com/complete/search; img-src 'self' data: https://api.iqrf.org https://*.ytimg.com https://www.google-analytics.com https://ssl.google-analytics.com https://www.google.com/cse/ https://www.googleapis.com/generate_204 https://*.google.com/generate_204 https://translate.googleapis.com https://translate.google.com/gen204 https://encrypted-tbn0.gstatic.com/images https://encrypted-tbn1.gstatic.com/images https://encrypted-tbn2.gstatic.com/images https://encrypted-tbn3.gstatic.com/images https://www.google.com/images/ https://www.gstatic.com/images/branding/product/ https://ssl.gstatic.com/ui/v1/disclosure/small-grey-disclosure-arrow-down.png; font-src 'self' data: https://fonts.gstatic.com; connect-src 'self' https://api.iqrf.org https://sentry.iqrf.org https://repository.iqrfalliance.org https://www.google-analytics.com https://ssl.google-analytics.com https://translate.googleapis.com; media-src 'self' https://*.youtube.com https://*.youtube-nocookie.com; object-src 'self' https://*.googlevideo.com https://*.ytimg.com https://*.youtube.com https://*.youtube-nocookie.com; frame-src https://*.youtube.com https://*.youtube-nocookie.com https://www.google.com/recaptcha/ https://www.google.com/maps/; report-uri https://sentry.iqrf.org/api/3/security/?sentry_key=288d672682d34ababb8e73a48cdd8d46

No enforced CSP headers found.

Content-Security-Policy-Report-Only

default-src Keyword — 'self'

script-src Keyword — 'self'

script-src Keyword — 'unsafe-inline'

script-src Keyword — 'unsafe-eval'

script-src Host

YouTube https://s.ytimg.com

script-src Host

YouTube https://www.youtube.com

script-src Host

YouTube https://www.youtube-nocookie.com

script-src Host

Google reCAPTCHA https://www.google.com/recaptcha/

script-src Host

Google Static File Front End https://www.gstatic.com/recaptcha/

script-src Host

Google Analytics https://www.google-analytics.com

script-src Host

Google Analytics https://ssl.google-analytics.com

script-src Host — https://cse.google.com/

script-src Host

Google Search https://www.google.com/cse/

script-src-elem Host — *

style-src Keyword — 'self'

style-src Keyword — 'unsafe-inline'

style-src Host

Google Fonts https://fonts.googleapis.com

style-src Host

Google Search https://www.google.com/cse/

style-src Host

Google Translate https://translate.googleapis.com

style-src Host — https://clients1.google.com/complete/search

img-src Keyword — 'self'

img-src Scheme — data:

img-src Host — https://api.iqrf.org

img-src Host

YouTube https://*.ytimg.com

img-src Host

Google Analytics https://www.google-analytics.com

img-src Host

Google Analytics https://ssl.google-analytics.com

img-src Host

Google Search https://www.google.com/cse/

img-src Host

Google API JS Client https://www.googleapis.com/generate_204

img-src Host — https://*.google.com/generate_204

img-src Host

Google Translate https://translate.googleapis.com

img-src Host

Google Translate https://translate.google.com/gen204

img-src Host

Google Static File Front End https://encrypted-tbn0.gstatic.com/images

img-src Host

Google Static File Front End https://encrypted-tbn1.gstatic.com/images

img-src Host

Google Static File Front End https://encrypted-tbn2.gstatic.com/images

img-src Host

Google Static File Front End https://encrypted-tbn3.gstatic.com/images

img-src Host

Google Search https://www.google.com/images/

img-src Host

Google Static File Front End https://www.gstatic.com/images/branding/product/

img-src Host

Google Static File Front End https://ssl.gstatic.com/ui/v1/disclosure/small-grey-disclosure-arrow-down.png

font-src Keyword — 'self'

font-src Scheme — data:

font-src Host

Google Fonts https://fonts.gstatic.com

connect-src Keyword — 'self'

connect-src Host — https://api.iqrf.org

connect-src Host — https://sentry.iqrf.org

connect-src Host — https://repository.iqrfalliance.org

connect-src Host

Google Analytics https://www.google-analytics.com

connect-src Host

Google Analytics https://ssl.google-analytics.com

connect-src Host

Google Translate https://translate.googleapis.com

media-src Keyword — 'self'

media-src Host

YouTube https://*.youtube.com

media-src Host

YouTube https://*.youtube-nocookie.com

object-src Keyword — 'self'

object-src Host — https://*.googlevideo.com

object-src Host

YouTube https://*.ytimg.com

object-src Host

YouTube https://*.youtube.com

object-src Host

YouTube https://*.youtube-nocookie.com

frame-src Host

YouTube https://*.youtube.com

frame-src Host

YouTube https://*.youtube-nocookie.com

frame-src Host

Google reCAPTCHA https://www.google.com/recaptcha/

frame-src Host

Google Search https://www.google.com/maps/

report-uri Host — https://sentry.iqrf.org/api/3/security/?sentry_key=288d672682d34ababb8e73a48cdd8d46