Content-Security-Policy Analysis for https://mailgate.mre.com.pl

Open Cached · just now

2 directives

Content-Security-Policy

Content-Security-Policy: script-src 'self' 'unsafe-inline' 'unsafe-eval' https://am-assets.pl www.googletagmanager.com www.google-analytics.com www.google.com www.gstatic.com accounts.google.com widget.helpcrunch.com connect.facebook.net secure.payu.com script.hotjar.com static.hotjar.com js.stripe.com chat.dropped.net.pl widget.trustpilot.com;style-src 'self' 'unsafe-inline' https://am-assets.pl fonts.googleapis.com accounts.google.com chat.dropped.net.pl;

script-src Keyword —

'self'

script-src Keyword —

'unsafe-inline'

script-src Keyword —

'unsafe-eval'

script-src Host —

https://am-assets.pl

script-src Host

Google Tag Manager

www.googletagmanager.com

script-src Host

Google Analytics

www.google-analytics.com

script-src Host

Google Search

www.google.com

script-src Host

Google Static File Front End

www.gstatic.com

script-src Host

Google Sign-In

accounts.google.com

script-src Host —

widget.helpcrunch.com

ASN | Cloudflare

script-src Host

Facebook

connect.facebook.net

script-src Host —

secure.payu.com

script-src Host

Hotjar

script.hotjar.com

script-src Host

Hotjar

static.hotjar.com

script-src Host

Stripe

js.stripe.com

script-src Host —

chat.dropped.net.pl

script-src Host

Trustpilot

widget.trustpilot.com

style-src Keyword —

'self'

style-src Keyword —

'unsafe-inline'

style-src Host —

https://am-assets.pl

style-src Host

Google Fonts

fonts.googleapis.com

style-src Host

Google Sign-In

accounts.google.com

style-src Host —

chat.dropped.net.pl

Content-Security-Policy-Report-Only

No report-only CSP headers found.