Content-Security-Policy Analysis for https://placedealers.com

Open Cached · just now

29 directives

Content-Security-Policy

Content-Security-Policy: frame-ancestors 'self';, default-src blob: 'self' https://*.fbsbx.com *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'nonce-mexFVFAJ' blob: 'self' connect.facebook.net 'unsafe-eval' https://accounts.google.com https://*.google-analytics.com *.google.com;style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline' https://accounts.google.com https://fonts.googleapis.com;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com *.instagram.com https://accounts.google.com https://*.google-analytics.com https://api.mapbox.com https://*.tiles.mapbox.com https://events.mapbox.com https://meta.privacy-gateway.cloudflare.com/relay https://meta-ohttp-relay-prod.fastly-edge.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com https://fonts.gstatic.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net connect.facebook.net blob: android-webview-video-poster: *.whatsapp.net *.fb.com *.oculuscdn.com *.tenor.co *.tenor.com *.giphy.com https://trustly.one/ https://*.trustly.one/ https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://*.google-analytics.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data: *.tenor.co *.tenor.com https://*.giphy.com;child-src data: blob: 'self' https://*.fbsbx.com *.facebook.com *.fbcdn.net;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net accounts.meta.com *.accounts.meta.com https://trustly.one/ https://*.trustly.one/ https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://td.doubleclick.net *.google.com *.doubleclick.net;manifest-src data: blob: 'self' https://*.fbsbx.com *.facebook.com *.fbcdn.net;object-src data: blob: 'self' https://*.fbsbx.com *.facebook.com *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;

frame-ancestors Keyword —

'self'

, Host —

default-src

, Scheme —

blob:

, Keyword —

'self'

, Host

Facebook

https://*.fbsbx.com

ASN | Facebook

, Host

Facebook

*.facebook.com

ASN | Facebook

, Host

Facebook

*.fbcdn.net

ASN | Facebook

script-src Host

Facebook

*.facebook.com

ASN | Facebook

script-src Host

Facebook

*.fbcdn.net

ASN | Facebook

script-src Host

Facebook

*.facebook.net

script-src Host —

127.0.0.1:*

script-src Nonce —

'nonce-mexFVFAJ'

script-src Scheme —

blob:

script-src Keyword —

'self'

script-src Host

Facebook

connect.facebook.net

ASN | Facebook

script-src Keyword —

'unsafe-eval'

script-src Host

Google Sign-In

https://accounts.google.com

ASN | Google

script-src Host

Google Analytics

https://*.google-analytics.com

ASN | Google

script-src Host

Google Search

*.google.com

ASN | Google

style-src Host

Facebook

*.fbcdn.net

ASN | Facebook

style-src Scheme —

data:

style-src Host

Facebook

*.facebook.com

ASN | Facebook

style-src Keyword —

'unsafe-inline'

style-src Host

Google Sign-In

https://accounts.google.com

ASN | Google

style-src Host

Google Fonts

https://fonts.googleapis.com

ASN | Google

connect-src Host

Facebook

*.facebook.com

ASN | Facebook

connect-src Host

Facebook

facebook.com

ASN | Facebook

connect-src Host

Facebook

*.fbcdn.net

ASN | Facebook

connect-src Host

Facebook

*.facebook.net

connect-src Host

Facebook

wss://*.facebook.com:*

ASN | Facebook

connect-src Host —

wss://*.whatsapp.com:*

ASN | Facebook

connect-src Host

Facebook

wss://*.fbcdn.net

ASN | Facebook

connect-src Host

Facebook

attachment.fbsbx.com

ASN | Facebook

connect-src Host —

ws://localhost:*

connect-src Scheme —

blob:

connect-src Host

Instagram

*.cdninstagram.com

connect-src Keyword —

'self'

connect-src Host —

http://localhost:3103

connect-src Host

Facebook

wss://gateway.facebook.com

ASN | Facebook

connect-src Host

Facebook

wss://edge-chat.facebook.com

ASN | Facebook

connect-src Host

Facebook

wss://snaptu-d.facebook.com

ASN | Facebook

connect-src Host

Facebook

wss://kaios-d.facebook.com/

ASN | Facebook

connect-src Host

v.whatsapp.net

ASN | Facebook

connect-src Host

Facebook

*.fbsbx.com

ASN | Facebook

connect-src Host —

*.fb.com

ASN | Facebook

connect-src Host

Instagram

*.instagram.com

ASN | Facebook

connect-src Host

Google Sign-In

https://accounts.google.com

ASN | Google

connect-src Host

Google Analytics

https://*.google-analytics.com

ASN | Google

connect-src Host

Mapbox

https://api.mapbox.com

ASN | Amazon

connect-src Host

Mapbox

https://*.tiles.mapbox.com

ASN | Fastly

connect-src Host

Mapbox

https://events.mapbox.com

ASN | Amazon

connect-src Host

Cloudflare CDN

https://meta.privacy-gateway.cloudflare.com/relay

ASN | Cloudflare

connect-src Host —

https://meta-ohttp-relay-prod.fastly-edge.com

ASN | Fastly

font-src Scheme —

data:

font-src Host

Facebook

*.facebook.com

ASN | Facebook

font-src Host

Facebook

*.fbcdn.net

ASN | Facebook

font-src Host

Facebook

*.fbsbx.com

ASN | Facebook

font-src Host

Google Fonts

https://fonts.gstatic.com

ASN | Google

img-src Host

Facebook

*.fbcdn.net

ASN | Facebook

img-src Host

Facebook

*.facebook.com

ASN | Facebook

img-src Scheme —

data:

img-src Host

Facebook

https://*.fbsbx.com

ASN | Facebook

img-src Host

Facebook

facebook.com

ASN | Facebook

img-src Host

Instagram

*.cdninstagram.com

img-src Host

Facebook

fbsbx.com

ASN | Facebook

img-src Host

Facebook

fbcdn.net

ASN | Facebook

img-src Host

Facebook

connect.facebook.net

ASN | Facebook

img-src Scheme —

blob:

img-src Scheme —

android-webview-video-poster:

img-src Host

*.whatsapp.net

ASN | Facebook

img-src Host —

*.fb.com

ASN | Facebook

img-src Host —

*.oculuscdn.com

img-src Host

Tenor

*.tenor.co

ASN | Google Cloud

img-src Host

Tenor

*.tenor.com

ASN | Google Cloud

img-src Host

GIPHY

*.giphy.com

ASN | Fastly

img-src Host

Trustly

https://trustly.one/

ASN | Amazon

img-src Host

Trustly

https://*.trustly.one/

ASN | Amazon

img-src Host

Trustly

https://paywithmybank.com/

ASN | Amazon

img-src Host

Trustly

https://*.paywithmybank.com/

ASN | Amazon

img-src Host

Google Conversion Tracking

https://www.googleadservices.com

ASN | Google

img-src Host

Google DoubleClick

https://googleads.g.doubleclick.net

ASN | Google

img-src Host

Google Analytics

https://*.google-analytics.com

ASN | Google

media-src Host

Instagram

*.cdninstagram.com

media-src Scheme —

blob:

media-src Host

Facebook

*.fbcdn.net

ASN | Facebook

media-src Host

Facebook

*.fbsbx.com

ASN | Facebook

media-src Host

Facebook

www.facebook.com

ASN | Facebook

media-src Host

Facebook

*.facebook.com

ASN | Facebook

media-src Scheme —

data:

media-src Host

Tenor

*.tenor.co

ASN | Google Cloud

media-src Host

Tenor

*.tenor.com

ASN | Google Cloud

media-src Host

GIPHY

https://*.giphy.com

ASN | Fastly

child-src Scheme —

data:

child-src Scheme —

blob:

child-src Keyword —

'self'

child-src Host

Facebook

https://*.fbsbx.com

ASN | Facebook

child-src Host

Facebook

*.facebook.com

ASN | Facebook

child-src Host

Facebook

*.fbcdn.net

ASN | Facebook

frame-src Host

Facebook

*.facebook.com

ASN | Facebook

frame-src Host

Facebook

*.fbsbx.com

ASN | Facebook

frame-src Host

Facebook

fbsbx.com

ASN | Facebook

frame-src Scheme —

data:

frame-src Host

Instagram

www.instagram.com

ASN | Facebook

frame-src Host

Facebook

*.fbcdn.net

ASN | Facebook

frame-src Host —

accounts.meta.com

ASN | Facebook

frame-src Host —

*.accounts.meta.com

ASN | Facebook

frame-src Host

Trustly

https://trustly.one/

ASN | Amazon

frame-src Host

Trustly

https://*.trustly.one/

ASN | Amazon

frame-src Host

Trustly

https://paywithmybank.com/

ASN | Amazon

frame-src Host

Trustly

https://*.paywithmybank.com/

ASN | Amazon

frame-src Host

Google Conversion Tracking

https://www.googleadservices.com

ASN | Google

frame-src Host

Google DoubleClick

https://googleads.g.doubleclick.net

ASN | Google

frame-src Host

Google Search

https://www.google.com

ASN | Google

frame-src Host

Google DoubleClick

https://td.doubleclick.net

ASN | Google

frame-src Host

Google Search

*.google.com

ASN | Google

frame-src Host

Google DoubleClick

*.doubleclick.net

ASN | Google

manifest-src Scheme —

data:

manifest-src Scheme —

blob:

manifest-src Keyword —

'self'

manifest-src Host

Facebook

https://*.fbsbx.com

ASN | Facebook

manifest-src Host

Facebook

*.facebook.com

ASN | Facebook

manifest-src Host

Facebook

*.fbcdn.net

ASN | Facebook

object-src Scheme —

data:

object-src Scheme —

blob:

object-src Keyword —

'self'

object-src Host

Facebook

https://*.fbsbx.com

ASN | Facebook

object-src Host

Facebook

*.facebook.com

ASN | Facebook

object-src Host

Facebook

*.fbcdn.net

ASN | Facebook

worker-src Scheme —

blob:

worker-src Host

Facebook

*.facebook.com

ASN | Facebook

worker-src Scheme —

data:

block-all-mixed-content Source —

(no sources)

upgrade-insecure-requests Source —

(no sources)

Content-Security-Policy-Report-Only

Content-Security-Policy-Report-Only: default-src blob: 'self' https://*.fbsbx.com *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'nonce-mexFVFAJ' blob: 'self' connect.facebook.net https://accounts.google.com https://*.google-analytics.com *.google.com 'report-sample';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline' https://accounts.google.com https://fonts.googleapis.com;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com *.instagram.com https://accounts.google.com https://*.google-analytics.com https://api.mapbox.com https://*.tiles.mapbox.com https://events.mapbox.com https://meta.privacy-gateway.cloudflare.com/relay https://meta-ohttp-relay-prod.fastly-edge.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com https://fonts.gstatic.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net connect.facebook.net blob: android-webview-video-poster: *.whatsapp.net *.fb.com *.oculuscdn.com *.tenor.co *.tenor.com *.giphy.com https://trustly.one/ https://*.trustly.one/ https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://*.google-analytics.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data: *.tenor.co *.tenor.com https://*.giphy.com;child-src data: blob: 'self' https://*.fbsbx.com *.facebook.com *.fbcdn.net;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net accounts.meta.com *.accounts.meta.com https://trustly.one/ https://*.trustly.one/ https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://td.doubleclick.net *.google.com *.doubleclick.net;manifest-src data: blob: 'self' https://*.fbsbx.com *.facebook.com *.fbcdn.net;object-src data: blob: 'self' https://*.fbsbx.com *.facebook.com *.fbcdn.net;worker-src *.facebook.com/static_resources/webworker_v1/init_script/ *.facebook.com/static_resources/webworker/init_script/ *.facebook.com/static_resources/sharedworker/init_script/ *.facebook.com/static_resources/webworker/map_libre/ *.facebook.com/static_resources/webworker/map_libre_rtl/ *.facebook.com/sw/ *.facebook.com/sw;block-all-mixed-content;report-uri https://www.facebook.com/csp/reporting/?minimize=0;

default-src Scheme —

blob:

default-src Keyword —

'self'

default-src Host

Facebook

https://*.fbsbx.com

ASN | Facebook

default-src Host

Facebook

*.facebook.com

ASN | Facebook