Content-Security-Policy Analysis for https://openathens.net

Open Cached · just now

10 directives

Content-Security-Policy

Content-Security-Policy: default-src 'none'; frame-ancestors 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://connect.facebook.net https://*.lightboxcdn.com https://api.lightboxcdn.com https://cc.cdn.civiccomputing.com https://snap.licdn.com https://cdn.rollbar.com https://public.tableau.com https://www.gstatic.com https://www.youtube.com https://www.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com https://www.googleadservices.com https://www.google.com https://www.google.co.uk https://googleads.g.doubleclick.net https://stats.g.doubleclick.net https://cdnjs.cloudflare.com https://*.hotjar.com https://*.hotjar.io; style-src 'self' 'unsafe-inline' https://ams.wpml.org https://fonts.googleapis.com https://*.lightboxcdn.com; img-src 'self' https://www.facebook.com https://*.openstreetmap.org https://*.google.com https://ad.doubleclick.net https://*.lightboxcdn.com https://px.ads.linkedin.com https://public.tableau.com https://secure.gravatar.com https://www.pngitem.com https://placekitten.com data: https://www.googletagmanager.com *.google-analytics.com *.analytics.google.com https://googleads.g.doubleclick.net https://www.google.com https://www.google.co.uk https://stats.g.doubleclick.net https://www.gstatic.com https://*.hotjar.com https://*.hotjar.io; report-uri https://us-central1-report-uri-openathens.cloudfunctions.net/content-security-policy; report-to csp-endpoint; font-src 'self' https://fonts.gstatic.com https://*.hotjar.com https://*.hotjar.io data:; frame-src 'self' blob: https://www.googletagmanager.com https://*.fls.doubleclick.net https://player.vimeo.com https://public.tableau.com https://www.google.com https://www.youtube.com https://bid.g.doubleclick.net https://td.doubleclick.net https://*.hotjar.com https://*.hotjar.io; connect-src 'self' https://www.facebook.com https://ad.doubleclick.net https://www.google.com https://*.lightboxcdn.com https://account.digioh.com https://ams.wpml.org https://clapi.civiccomputing.com https://apikeys.civiccomputing.com https://px.ads.linkedin.com https://api.rollbar.com *.google-analytics.com *.analytics.google.com https://www.googletagmanager.com https://stats.g.doubleclick.net https://*.hotjar.com:* https://*.hotjar.io wss://*.hotjar.com;

default-src Keyword —

'none'

frame-ancestors Keyword —

'self'

script-src Keyword —

'self'

script-src Keyword —

'unsafe-inline'

script-src Keyword —

'unsafe-eval'

script-src Host

Facebook

https://connect.facebook.net

script-src Host —

https://*.lightboxcdn.com

script-src Host —

https://api.lightboxcdn.com

ASN | Microsoft

script-src Host

Cookie Control

https://cc.cdn.civiccomputing.com

script-src Host

LinkedIn

https://snap.licdn.com

script-src Host

Rollbar

https://cdn.rollbar.com

script-src Host

Tableau

https://public.tableau.com

script-src Host

Google Static File Front End

https://www.gstatic.com

script-src Host

YouTube

https://www.youtube.com

script-src Host

Google Tag Manager

https://www.googletagmanager.com

script-src Host

Google Analytics

https://www.google-analytics.com

script-src Host

Google Analytics

https://ssl.google-analytics.com

script-src Host

Google Conversion Tracking

https://www.googleadservices.com

script-src Host

Google Search

https://www.google.com

script-src Host —

https://www.google.co.uk

script-src Host

Google DoubleClick

https://googleads.g.doubleclick.net

script-src Host

Google DoubleClick

https://stats.g.doubleclick.net

script-src Host

Cloudflare CDNJS

https://cdnjs.cloudflare.com

ASN | Cloudflare

script-src Host

Hotjar

https://*.hotjar.com

script-src Host

Hotjar

https://*.hotjar.io

style-src Keyword —

'self'

style-src Keyword —

'unsafe-inline'

style-src Host —

https://ams.wpml.org

style-src Host

Google Fonts

https://fonts.googleapis.com

style-src Host —

https://*.lightboxcdn.com

img-src Keyword —

'self'

img-src Host

Facebook

https://www.facebook.com

img-src Host

OpenStreetMap

https://*.openstreetmap.org

img-src Host —

https://*.google.com

img-src Host

Google DoubleClick

https://ad.doubleclick.net

img-src Host —

https://*.lightboxcdn.com

img-src Host

LinkedIn

https://px.ads.linkedin.com

ASN | Microsoft

img-src Host

Tableau

https://public.tableau.com

img-src Host

Gravatar

https://secure.gravatar.com

ASN | Automattic

img-src Host —

https://www.pngitem.com

ASN | NOCIX - Nocix

img-src Host —

https://placekitten.com

ASN | Cloudflare

img-src Scheme —

data:

img-src Host

Google Tag Manager

https://www.googletagmanager.com

img-src Host

Google Analytics

*.google-analytics.com

img-src Host

Google Analytics

*.analytics.google.com

img-src Host

Google DoubleClick

https://googleads.g.doubleclick.net

img-src Host

Google Search

https://www.google.com

img-src Host —

https://www.google.co.uk

img-src Host

Google DoubleClick

https://stats.g.doubleclick.net

img-src Host

Google Static File Front End

https://www.gstatic.com

img-src Host

Hotjar

https://*.hotjar.com

img-src Host

Hotjar

https://*.hotjar.io

report-uri Host

Google Cloud Functions

https://us-central1-report-uri-openathens.cloudfunctions.net/content-security-policy

report-to Host —

csp-endpoint

font-src Keyword —

'self'

font-src Host

Google Fonts

https://fonts.gstatic.com

font-src Host

Hotjar

https://*.hotjar.com

font-src Host

Hotjar

https://*.hotjar.io

font-src Scheme —

data:

frame-src Keyword —

'self'

frame-src Scheme —

blob:

frame-src Host

Google Tag Manager

https://www.googletagmanager.com

frame-src Host

Google DoubleClick

https://*.fls.doubleclick.net

frame-src Host

Vimeo

https://player.vimeo.com

ASN | Cloudflare

frame-src Host

Tableau

https://public.tableau.com

frame-src Host

Google Search

https://www.google.com

frame-src Host

YouTube

https://www.youtube.com

frame-src Host

Google DoubleClick

https://bid.g.doubleclick.net

frame-src Host

Google DoubleClick

https://td.doubleclick.net

frame-src Host

Hotjar

https://*.hotjar.com

frame-src Host

Hotjar

https://*.hotjar.io

connect-src Keyword —

'self'

connect-src Host

Facebook

https://www.facebook.com

connect-src Host

Google DoubleClick

https://ad.doubleclick.net

connect-src Host

Google Search

https://www.google.com

connect-src Host —

https://*.lightboxcdn.com

connect-src Host —

https://account.digioh.com

connect-src Host —

https://ams.wpml.org

connect-src Host

Cookie Control

https://clapi.civiccomputing.com

connect-src Host

Cookie Control

https://apikeys.civiccomputing.com

connect-src Host

LinkedIn

https://px.ads.linkedin.com

ASN | Microsoft

connect-src Host

Rollbar

https://api.rollbar.com

ASN | Google Cloud

connect-src Host

Google Analytics

*.google-analytics.com

connect-src Host

Google Analytics

*.analytics.google.com

connect-src Host

Google Tag Manager

https://www.googletagmanager.com

connect-src Host

Google DoubleClick

https://stats.g.doubleclick.net

connect-src Host

Hotjar

https://*.hotjar.com:*

connect-src Host

Hotjar

https://*.hotjar.io

connect-src Host

Hotjar

wss://*.hotjar.com

Content-Security-Policy-Report-Only

No report-only CSP headers found.