Content-Security-Policy Analysis for https://libraesva.com

Open Cached · just now

9 directives

Content-Security-Policy

No enforced CSP headers found.

Content-Security-Policy-Report-Only

Content-Security-Policy-Report-Only: default-src 'self' https://s0.wp.com https://fonts.googleapis.com https://fonts.gstatic.com data:; frame-src 'self' data: blob: https://www.youtube.com https://player.vimeo.com https://wp-themes.com; img-src * data:; media-src * data:; style-src 'self' https://fonts.googleapis.com data: 'unsafe-inline'; script-src https://wp-themes.com 'self' data: 'unsafe-inline' 'unsafe-eval'; worker-src 'self'; frame-ancestors 'self' https://hub.libraesva.com; report-uri https://sentry.libraesva.com/api/16/security/?sentry_key=ec35ea3e850202bb70633fcd5d55c698

default-src Keyword —

'self'

default-src Host

WordPress

https://s0.wp.com

ASN | Automattic

default-src Host

Google Fonts

https://fonts.googleapis.com

default-src Host

Google Fonts

https://fonts.gstatic.com

default-src Scheme —

data:

frame-src Keyword —

'self'

frame-src Scheme —

data:

frame-src Scheme —

blob:

frame-src Host

YouTube

https://www.youtube.com

frame-src Host

Vimeo

https://player.vimeo.com

ASN | Cloudflare

frame-src Host —

https://wp-themes.com

ASN | SINGLEHOP-LLC - Internap Holding LLC

img-src Host —

*

img-src Scheme —

data:

media-src Host —

*

media-src Scheme —

data:

style-src Keyword —

'self'

style-src Host

Google Fonts

https://fonts.googleapis.com

style-src Scheme —

data:

style-src Keyword —

'unsafe-inline'

script-src Host —

https://wp-themes.com

ASN | SINGLEHOP-LLC - Internap Holding LLC

script-src Keyword —

'self'

script-src Scheme —

data:

script-src Keyword —

'unsafe-inline'

script-src Keyword —

'unsafe-eval'

worker-src Keyword —

'self'

frame-ancestors Keyword —

'self'

frame-ancestors Host —

https://hub.libraesva.com

report-uri Host —

https://sentry.libraesva.com/api/16/security/?sentry_key=ec35ea3e850202bb70633fcd5d55c698

ASN | ARUBA-ASN Aruba S.p.A.