Content-Security-Policy Analysis for https://neocities.org

Open Cached · 6h ago

5 directives

Content-Security-Policy

Content-Security-Policy: default-src 'self' data: blob: 'unsafe-inline'; script-src 'self' blob: 'unsafe-inline' 'unsafe-eval' https://hcaptcha.com https://*.hcaptcha.com https://js.stripe.com; style-src 'self' 'unsafe-inline' https://hcaptcha.com https://*.hcaptcha.com; connect-src 'self' https://hcaptcha.com https://*.hcaptcha.com https://api.stripe.com; frame-src 'self' https://hcaptcha.com https://*.hcaptcha.com https://js.stripe.com

default-src Keyword —

'self'

default-src Scheme —

data:

default-src Scheme —

blob:

default-src Keyword —

'unsafe-inline'

script-src Keyword —

'self'

script-src Scheme —

blob:

script-src Keyword —

'unsafe-inline'

script-src Keyword —

'unsafe-eval'

script-src Host

hCaptcha

https://hcaptcha.com

ASN | Cloudflare

script-src Host

hCaptcha

https://*.hcaptcha.com

ASN | Cloudflare

script-src Host

Stripe

https://js.stripe.com

style-src Keyword —

'self'

style-src Keyword —

'unsafe-inline'

style-src Host

hCaptcha

https://hcaptcha.com

ASN | Cloudflare

style-src Host

hCaptcha

https://*.hcaptcha.com

ASN | Cloudflare

connect-src Keyword —

'self'

connect-src Host

hCaptcha

https://hcaptcha.com

ASN | Cloudflare

connect-src Host

hCaptcha

https://*.hcaptcha.com

ASN | Cloudflare

connect-src Host

Stripe

https://api.stripe.com

frame-src Keyword —

'self'

frame-src Host

hCaptcha

https://hcaptcha.com

ASN | Cloudflare

frame-src Host

hCaptcha

https://*.hcaptcha.com

ASN | Cloudflare

frame-src Host

Stripe

https://js.stripe.com

Content-Security-Policy-Report-Only

No report-only CSP headers found.