Content-Security-Policy Analysis for https://ivpn.net

Open Cached · just now

6 directives

Content-Security-Policy

Content-Security-Policy: default-src 'self' *.ivpn.net;img-src * data:;script-src 'self' 'unsafe-inline' 'unsafe-eval' *.ivpn.net *.braintreegateway.com  *.braintree-api.com *.paypal.com *.paypalobjects.com *.execute-api.us-east-1.amazonaws.com *.cardinalcommerce.com;style-src 'self' 'unsafe-inline' *.ivpn.net;connect-src 'self' *.ivpn.net *.cardinalcommerce.com *.braintree-api.com *.braintreegateway.com *.paypal.com  api.coingecko.com;frame-src 'self' *;

default-src Keyword —

'self'

default-src Host —

*.ivpn.net

img-src Host —

*

img-src Scheme —

data:

script-src Keyword —

'self'

script-src Keyword —

'unsafe-inline'

script-src Keyword —

'unsafe-eval'

script-src Host —

*.ivpn.net

script-src Host

Braintree

*.braintreegateway.com

script-src Host

Braintree

*.braintree-api.com

script-src Host

PayPal

*.paypal.com

script-src Host

PayPal

*.paypalobjects.com

script-src Host

AWS

*.execute-api.us-east-1.amazonaws.com

script-src Host —

*.cardinalcommerce.com

ASN | Cloudflare

style-src Keyword —

'self'

style-src Keyword —

'unsafe-inline'

style-src Host —

*.ivpn.net

connect-src Keyword —

'self'

connect-src Host —

*.ivpn.net

connect-src Host —

*.cardinalcommerce.com

ASN | Cloudflare

connect-src Host

Braintree

*.braintree-api.com

connect-src Host

Braintree

*.braintreegateway.com

connect-src Host

PayPal

*.paypal.com

connect-src Host

CoinGecko

api.coingecko.com

ASN | Cloudflare

frame-src Keyword —

'self'

frame-src Host —

*

Content-Security-Policy-Report-Only

No report-only CSP headers found.