Content-Security-Policy Analysis for https://sheetpal.com

Open Cached · just now

13 directives

Content-Security-Policy

Content-Security-Policy: default-src 'self';script-src 'self' https://www.googletagmanager.com https://apis.google.com;style-src 'self';img-src 'self' data: https: blob:;connect-src 'self' wss: ws: https://www.googleapis.com https://irurbmlohjwtzvyhiswd.supabase.co;font-src 'self' data:;object-src 'none';frame-src 'none';base-uri 'self';form-action 'self';frame-ancestors 'self';script-src-attr 'none';upgrade-insecure-requests

default-src Keyword —

'self'

script-src Keyword —

'self'

script-src Host

Google Tag Manager

https://www.googletagmanager.com

script-src Host

Google API JS Client

https://apis.google.com

style-src Keyword —

'self'

img-src Keyword —

'self'

img-src Scheme —

data:

img-src Scheme —

https:

img-src Scheme —

blob:

connect-src Keyword —

'self'

connect-src Scheme —

wss:

connect-src Scheme —

ws:

connect-src Host

Google API JS Client

https://www.googleapis.com

connect-src Host

Supabase

https://irurbmlohjwtzvyhiswd.supabase.co

ASN | Cloudflare

font-src Keyword —

'self'

font-src Scheme —

data:

object-src Keyword —

'none'

frame-src Keyword —

'none'

base-uri Keyword —

'self'

form-action Keyword —

'self'

frame-ancestors Keyword —

'self'

script-src-attr Keyword —

'none'

upgrade-insecure-requests Source —

(no sources)

Content-Security-Policy-Report-Only

No report-only CSP headers found.