Content-Security-Policy Analysis for https://met.no

Open Cached · just now

12 directives

Content-Security-Policy

Content-Security-Policy: base-uri 'self';default-src 'none';font-src 'self' ;form-action 'self';frame-src 'self' https://www.instagram.com https://platform.instagram.com https://embed.acast.com/ https://player.vimeo.com/;img-src 'self' https://ssl-nrk.tns-cs.net/*;media-src 'self';object-src 'none';script-src 'self' https://cdn.matomo.cloud/met.matomo.cloud/matomo.js https://www.google-analytics.com/analytics.js https://platform.instagram.com https://www.instagram.com ;style-src 'self' 'unsafe-inline';connect-src 'self' met.matomo.cloud/matomo.php https://www.met.no/;frame-ancestors 'self';

base-uri Keyword —

'self'

default-src Keyword —

'none'

font-src Keyword —

'self'

form-action Keyword —

'self'

frame-src Keyword —

'self'

frame-src Host

Instagram

https://www.instagram.com

frame-src Host

Instagram

https://platform.instagram.com

frame-src Host —

https://embed.acast.com/

frame-src Host

Vimeo

https://player.vimeo.com/

img-src Keyword —

'self'

img-src Host —

https://ssl-nrk.tns-cs.net/*

media-src Keyword —

'self'

object-src Keyword —

'none'

script-src Keyword —

'self'

script-src Host

Matomo

https://cdn.matomo.cloud/met.matomo.cloud/matomo.js

script-src Host

Google Analytics

https://www.google-analytics.com/analytics.js

script-src Host

Instagram

https://platform.instagram.com

script-src Host

Instagram

https://www.instagram.com

style-src Keyword —

'self'

style-src Keyword —

'unsafe-inline'

connect-src Keyword —

'self'

connect-src Host

Matomo

met.matomo.cloud/matomo.php

connect-src Host —

https://www.met.no/

frame-ancestors Keyword —

'self'

Content-Security-Policy-Report-Only

No report-only CSP headers found.