Content-Security-Policy Analysis for https://slmail.me

Open Cached · just now

3 directives

Content-Security-Policy

Content-Security-Policy: script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.paddle.com/paddle/paddle.js https://gc.zgo.at/count.js https://hcaptcha.com https://*.hcaptcha.com https://plausible.simplelogin.io/js/index.js; child-src 'self' https://hcaptcha.com https://*.hcaptcha.com https://*.paddle.com https://www.youtube.com https://app.tryhoist.com; style-src 'self' 'unsafe-inline' https://hcaptcha.com https://*.hcaptcha.com https://cdn.paddle.com

script-src Keyword —

'self'

script-src Keyword —

'unsafe-inline'

script-src Keyword —

'unsafe-eval'

script-src Host

Paddle

https://cdn.paddle.com/paddle/paddle.js

ASN | Cloudflare

script-src Host —

https://gc.zgo.at/count.js

script-src Host

hCaptcha

https://hcaptcha.com

ASN | Cloudflare

script-src Host

hCaptcha

https://*.hcaptcha.com

ASN | Cloudflare

script-src Host —

https://plausible.simplelogin.io/js/index.js

child-src Keyword —

'self'

child-src Host

hCaptcha

https://hcaptcha.com

ASN | Cloudflare

child-src Host

hCaptcha

https://*.hcaptcha.com

ASN | Cloudflare

child-src Host

Paddle

https://*.paddle.com

child-src Host

YouTube

https://www.youtube.com

child-src Host —

https://app.tryhoist.com

style-src Keyword —

'self'

style-src Keyword —

'unsafe-inline'

style-src Host

hCaptcha

https://hcaptcha.com

ASN | Cloudflare

style-src Host

hCaptcha

https://*.hcaptcha.com

ASN | Cloudflare

style-src Host

Paddle

https://cdn.paddle.com

ASN | Cloudflare

Content-Security-Policy-Report-Only

No report-only CSP headers found.