Content-Security-Policy Analysis for https://iqrf.org

Open Cached · just now

11 directives

Content-Security-Policy

Content-Security-Policy-Report-Only: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://s.ytimg.com https://www.youtube.com https://www.youtube-nocookie.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.google-analytics.com https://ssl.google-analytics.com https://cse.google.com/ https://www.google.com/cse/; script-src-elem *; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://www.google.com/cse/ https://translate.googleapis.com https://clients1.google.com/complete/search; img-src 'self' data: https://api.iqrf.org https://*.ytimg.com https://www.google-analytics.com https://ssl.google-analytics.com https://www.google.com/cse/ https://www.googleapis.com/generate_204 https://*.google.com/generate_204 https://translate.googleapis.com https://translate.google.com/gen204 https://encrypted-tbn0.gstatic.com/images https://encrypted-tbn1.gstatic.com/images https://encrypted-tbn2.gstatic.com/images https://encrypted-tbn3.gstatic.com/images https://www.google.com/images/ https://www.gstatic.com/images/branding/product/ https://ssl.gstatic.com/ui/v1/disclosure/small-grey-disclosure-arrow-down.png; font-src 'self' data: https://fonts.gstatic.com; connect-src 'self' https://api.iqrf.org https://sentry.iqrf.org https://repository.iqrfalliance.org https://www.google-analytics.com https://ssl.google-analytics.com https://translate.googleapis.com; media-src 'self' https://*.youtube.com https://*.youtube-nocookie.com; object-src 'self' https://*.googlevideo.com https://*.ytimg.com https://*.youtube.com https://*.youtube-nocookie.com; frame-src https://*.youtube.com https://*.youtube-nocookie.com https://www.google.com/recaptcha/ https://www.google.com/maps/; report-uri https://sentry.iqrf.org/api/3/security/?sentry_key=288d672682d34ababb8e73a48cdd8d46

No enforced CSP headers found.

Content-Security-Policy-Report-Only

default-src Keyword —

'self'

script-src Keyword —

'self'

script-src Keyword —

'unsafe-inline'

script-src Keyword —

'unsafe-eval'

script-src Host

YouTube

https://s.ytimg.com

script-src Host

YouTube

https://www.youtube.com

script-src Host

YouTube

https://www.youtube-nocookie.com

script-src Host

Google reCAPTCHA

https://www.google.com/recaptcha/

script-src Host

Google Static File Front End

https://www.gstatic.com/recaptcha/

script-src Host

Google Analytics

https://www.google-analytics.com

script-src Host

Google Analytics

https://ssl.google-analytics.com

script-src Host —

https://cse.google.com/

script-src Host

Google Search

https://www.google.com/cse/

script-src-elem Host —

*

style-src Keyword —

'self'

style-src Keyword —

'unsafe-inline'

style-src Host

Google Fonts

https://fonts.googleapis.com

style-src Host

Google Search

https://www.google.com/cse/

style-src Host

Google Translate

https://translate.googleapis.com

style-src Host —

https://clients1.google.com/complete/search

img-src Keyword —

'self'

img-src Scheme —

data:

img-src Host —

https://api.iqrf.org

ASN | WEDOS - WEDOS Internet, a.s.

img-src Host

YouTube

https://*.ytimg.com

img-src Host

Google Analytics

https://www.google-analytics.com

img-src Host

Google Analytics

https://ssl.google-analytics.com

img-src Host

Google Search

https://www.google.com/cse/

img-src Host

Google API JS Client

https://www.googleapis.com/generate_204

img-src Host —

https://*.google.com/generate_204

img-src Host

Google Translate

https://translate.googleapis.com

img-src Host

Google Translate

https://translate.google.com/gen204

img-src Host

Google Static File Front End

https://encrypted-tbn0.gstatic.com/images

img-src Host

Google Static File Front End

https://encrypted-tbn1.gstatic.com/images

img-src Host

Google Static File Front End

https://encrypted-tbn2.gstatic.com/images

img-src Host

Google Static File Front End

https://encrypted-tbn3.gstatic.com/images

img-src Host

Google Search

https://www.google.com/images/

img-src Host

Google Static File Front End

https://www.gstatic.com/images/branding/product/

img-src Host

Google Static File Front End

https://ssl.gstatic.com/ui/v1/disclosure/small-grey-disclosure-arrow-down.png

font-src Keyword —

'self'

font-src Scheme —

data:

font-src Host

Google Fonts

https://fonts.gstatic.com

connect-src Keyword —

'self'

connect-src Host —

https://api.iqrf.org

ASN | WEDOS - WEDOS Internet, a.s.

connect-src Host —

https://sentry.iqrf.org

ASN | ZONER-AS - ZONER a.s.

connect-src Host —

https://repository.iqrfalliance.org

ASN | ZONER-AS - ZONER a.s.

connect-src Host

Google Analytics

https://www.google-analytics.com

connect-src Host

Google Analytics

https://ssl.google-analytics.com

connect-src Host

Google Translate

https://translate.googleapis.com

media-src Keyword —

'self'

media-src Host

YouTube

https://*.youtube.com

media-src Host

YouTube

https://*.youtube-nocookie.com

object-src Keyword —

'self'

object-src Host —

https://*.googlevideo.com

object-src Host

YouTube

https://*.ytimg.com

object-src Host

YouTube

https://*.youtube.com

object-src Host

YouTube

https://*.youtube-nocookie.com

frame-src Host

YouTube

https://*.youtube.com

frame-src Host

YouTube

https://*.youtube-nocookie.com

frame-src Host

Google reCAPTCHA

https://www.google.com/recaptcha/

frame-src Host

Google Search

https://www.google.com/maps/

report-uri Host —

https://sentry.iqrf.org/api/3/security/?sentry_key=288d672682d34ababb8e73a48cdd8d46

ASN | ZONER-AS - ZONER a.s.