Content-Security-Policy Analysis for https://increment.com

Open Cached · just now

20 directives

Content-Security-Policy

Content-Security-Policy: base-uri 'none'; connect-src https://stripe.com; default-src 'none'; font-src 'self'; form-action 'none'; frame-ancestors 'none'; img-src 'self' https://images.ctfassets.net; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; report-uri https://q.stripe.com/csp-report
Content-Security-Policy-Report-Only: base-uri 'none'; connect-src https://stripe.com; default-src 'none'; font-src 'self'; form-action 'none'; frame-ancestors 'none'; img-src 'self' data: https://images.ctfassets.net; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; report-uri https://q.stripe.com/csp-report

base-uri Keyword —

'none'

connect-src Host

Stripe

https://stripe.com

default-src Keyword —

'none'

font-src Keyword —

'self'

form-action Keyword —

'none'

frame-ancestors Keyword —

'none'

img-src Keyword —

'self'

img-src Host

Contentful

https://images.ctfassets.net

script-src Keyword —

'self'

script-src Keyword —

'unsafe-inline'

style-src Keyword —

'self'

style-src Keyword —

'unsafe-inline'

report-uri Host

Stripe

https://q.stripe.com/csp-report

Content-Security-Policy-Report-Only

base-uri Keyword —

'none'

connect-src Host

Stripe

https://stripe.com

default-src Keyword —

'none'

font-src Keyword —

'self'

form-action Keyword —

'none'

frame-ancestors Keyword —

'none'

img-src Keyword —

'self'

img-src Scheme —

data:

img-src Host

Contentful

https://images.ctfassets.net

script-src Keyword —

'self'

script-src Keyword —

'unsafe-inline'

style-src Keyword —

'self'

style-src Keyword —

'unsafe-inline'

report-uri Host

Stripe

https://q.stripe.com/csp-report