Content-Security-Policy Analysis for https://playground.deepgram.com

Open Cached · just now

14 directives

Content-Security-Policy

Content-Security-Policy: script-src 'strict-dynamic' 'nonce-4c0e3769eca09a0ef668901acfd1c2e4' 'wasm-unsafe-eval' 'unsafe-inline' https:;img-src 'self' https:;media-src 'self' blob: *.deepgram.com:*;frame-src https://js.stripe.com;connect-src https: blob: wss://*.deepgram.com:*;form-action 'none';frame-ancestors 'none';default-src 'self';base-uri 'self';font-src 'self' https: data:;object-src 'none';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests

script-src Keyword —

'strict-dynamic'

script-src Nonce —

'nonce-4c0e3769eca09a0ef668901acfd1c2e4'

script-src Keyword —

'wasm-unsafe-eval'

script-src Keyword —

'unsafe-inline'

script-src Scheme —

https:

img-src Keyword —

'self'

img-src Scheme —

https:

media-src Keyword —

'self'

media-src Scheme —

blob:

media-src Host —

*.deepgram.com:*

ASN | Amazon

frame-src Host

Stripe

https://js.stripe.com

ASN | Fastly

connect-src Scheme —

https:

connect-src Scheme —

blob:

connect-src Host —

wss://*.deepgram.com:*

ASN | Amazon

form-action Keyword —

'none'

frame-ancestors Keyword —

'none'

default-src Keyword —

'self'

base-uri Keyword —

'self'

font-src Keyword —

'self'

font-src Scheme —

https:

font-src Scheme —

data:

object-src Keyword —

'none'

script-src-attr Keyword —

'none'

style-src Keyword —

'self'

style-src Scheme —

https:

style-src Keyword —

'unsafe-inline'

upgrade-insecure-requests Source —

(no sources)

Content-Security-Policy-Report-Only

No report-only CSP headers found.