Content-Security-Policy Analysis for https://info.mapp.com

Open Cached · just now

17 directives

Content-Security-Policy

Content-Security-Policy: frame-ancestors 'self'; block-all-mixed-content; default-src 'self' https://*.shortest-route.com https://mapp.com; script-src 'self' 'report-sample' 'unsafe-inline' 'unsafe-eval' https://web-sdk.aptrinsic.com https://*.googleapis.com https://*.gstatic.com *.google.com https://*.ggpht.com *.googleusercontent.com blob:; object-src 'none'; frame-src 'self'; child-src 'self'; font-src 'self' https://fonts.gstatic.com; connect-src 'self' esp.aptrinsic.com https://*.googleapis.com *.google.com https://*.gstatic.com  data: blob:; manifest-src 'self'; base-uri 'self'; form-action 'self'; media-src 'self'; worker-src 'self'; style-src 'self' https://*.shortest-route.com https://mapp.com *.googleapis.com https://web-sdk.aptrinsic.com 'unsafe-inline' data:; img-src 'self' https: data:; upgrade-insecure-requests;

frame-ancestors Keyword —

'self'

block-all-mixed-content Source —

(no sources)

default-src Keyword —

'self'

default-src Host —

https://*.shortest-route.com

ASN | WEBTREKK-AS Webtrekk GmbH

default-src Host —

https://mapp.com

ASN | SAARGATE-AS VSE NET GmbH

script-src Keyword —

'self'

script-src Keyword —

'report-sample'

script-src Keyword —

'unsafe-inline'

script-src Keyword —

'unsafe-eval'

script-src Host —

https://web-sdk.aptrinsic.com

ASN | Google Cloud

script-src Host

Google API JS Client

https://*.googleapis.com

script-src Host

Google Static File Front End

https://*.gstatic.com

script-src Host

Google Search

*.google.com

script-src Host —

https://*.ggpht.com

script-src Host

Google Cloud Storage

*.googleusercontent.com

script-src Scheme —

blob:

object-src Keyword —

'none'

frame-src Keyword —

'self'

child-src Keyword —

'self'

font-src Keyword —

'self'

font-src Host

Google Fonts

https://fonts.gstatic.com

connect-src Keyword —

'self'

connect-src Host —

esp.aptrinsic.com

ASN | Google Cloud

connect-src Host

Google API JS Client

https://*.googleapis.com

connect-src Host

Google Search

*.google.com

connect-src Host

Google Static File Front End

https://*.gstatic.com

connect-src Scheme —

data:

connect-src Scheme —

blob:

manifest-src Keyword —

'self'

base-uri Keyword —

'self'

form-action Keyword —

'self'

media-src Keyword —

'self'

worker-src Keyword —

'self'

style-src Keyword —

'self'

style-src Host —

https://*.shortest-route.com

ASN | WEBTREKK-AS Webtrekk GmbH

style-src Host —

https://mapp.com

ASN | SAARGATE-AS VSE NET GmbH

style-src Host

Google API JS Client

*.googleapis.com

style-src Host —

https://web-sdk.aptrinsic.com

ASN | Google Cloud

style-src Keyword —

'unsafe-inline'

style-src Scheme —

data:

img-src Keyword —

'self'

img-src Scheme —

https:

img-src Scheme —

data:

upgrade-insecure-requests Source —

(no sources)

Content-Security-Policy-Report-Only

No report-only CSP headers found.