Content-Security-Policy Analysis for https://mxmerchant.com

Open Cached · just now

3 directives

Content-Security-Policy

Content-Security-Policy: default-src 'self' https://*.mxmerchant.com https://www.google-analytics.com https://*.googleapis.com  https://www.googletagmanager.com https://mxmsandbox.wpengine.com https://*.gstatic.com https://*.typekit.net 'unsafe-inline' 'unsafe-eval' data: https://*.mxmerchant.com; frame-ancestors 'self'; object-src 'none'

default-src Keyword —

'self'

default-src Host —

https://*.mxmerchant.com

ASN | Cloudflare

default-src Host

Google Analytics

https://www.google-analytics.com

default-src Host

Google API JS Client

https://*.googleapis.com

default-src Host

Google Tag Manager

https://www.googletagmanager.com

default-src Host

WP Engine

https://mxmsandbox.wpengine.com

ASN | Google Cloud

default-src Host

Google Static File Front End

https://*.gstatic.com

default-src Host

Adobe Fonts (Typekit)

https://*.typekit.net

default-src Keyword —

'unsafe-inline'

default-src Keyword —

'unsafe-eval'

default-src Scheme —

data:

default-src Host —

https://*.mxmerchant.com

ASN | Cloudflare

frame-ancestors Keyword —

'self'

object-src Keyword —

'none'

Content-Security-Policy-Report-Only

No report-only CSP headers found.