Content-Security-Policy Analysis for https://espago.com

Open Cached · just now

10 directives

Content-Security-Policy

Content-Security-Policy: base-uri 'self'; font-src 'self' https: data:; form-action 'self'; frame-ancestors 'self'; img-src 'self' data: https://web-cms.espago.com http://127.0.0.1:1337 http://localhost:1337 https://www.facebook.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://www.google.pl https://*.linkedin.com https://*.licdn.com https://imgsct.cookiebot.com https://fonts.gstatic.com/; object-src 'none'; script-src-attr 'none'; style-src 'self' https: 'unsafe-inline'; upgrade-insecure-requests; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://www.facebook.com https://connect.facebook.net https://www.google.com https://www.google-analytics.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.licdn.com https://www.clarity.ms https://*.cookiebot.com

base-uri Keyword —

'self'

font-src Keyword —

'self'

font-src Scheme —

https:

font-src Scheme —

data:

form-action Keyword —

'self'

frame-ancestors Keyword —

'self'

img-src Keyword —

'self'

img-src Scheme —

data:

img-src Host —

https://web-cms.espago.com

ASN | PL-BEYOND-AS - Beyond.pl sp. z o.o.

img-src Host —

http://127.0.0.1:1337

img-src Host —

http://localhost:1337

img-src Host

Facebook

https://www.facebook.com

img-src Host

Google Analytics

https://*.google-analytics.com

img-src Host

Google Analytics

https://*.analytics.google.com

img-src Host

Google Tag Manager

https://*.googletagmanager.com

img-src Host

Google DoubleClick

https://*.g.doubleclick.net

img-src Host —

https://*.google.com

img-src Host —

https://www.google.pl

img-src Host

LinkedIn

https://*.linkedin.com

ASN | Microsoft

img-src Host

LinkedIn

https://*.licdn.com

img-src Host

Cookiebot

https://imgsct.cookiebot.com

img-src Host

Google Fonts

https://fonts.gstatic.com/

object-src Keyword —

'none'

script-src-attr Keyword —

'none'

style-src Keyword —

'self'

style-src Scheme —

https:

style-src Keyword —

'unsafe-inline'

upgrade-insecure-requests Source —

(no sources)

script-src Keyword —

'self'

script-src Keyword —

'unsafe-inline'

script-src Keyword —

'unsafe-eval'

script-src Scheme —

blob:

script-src Host

Facebook

https://www.facebook.com

script-src Host

Facebook

https://connect.facebook.net

script-src Host

Google Search

https://www.google.com

script-src Host

Google Analytics

https://www.google-analytics.com

script-src Host

Google Tag Manager

https://*.googletagmanager.com

script-src Host

Google DoubleClick

https://*.g.doubleclick.net

script-src Host

LinkedIn

https://*.licdn.com

script-src Host Microsoft Clarity

https://www.clarity.ms

ASN | Microsoft

script-src Host

Cookiebot

https://*.cookiebot.com

ASN | Cloudflare

Content-Security-Policy-Report-Only

No report-only CSP headers found.