Content-Security-Policy Analysis for https://surweo.com

Open Cached · just now

4 directives

Content-Security-Policy

Content-Security-Policy: frame-ancestors 'self'; frame-src 'self' https://*.google.com https://*.googletagmanager.com https://www.sitecdn.com braintreegateway.com assets.braintreegateway.com googletagmanager.com https://client.dropcatch.com https://*.paypal.com https://*.paypalobjects.com https://ssl.kaptcha.com; script-src 'self' https://*.google.com https://*.doubleclick.net https://*.gstatic.com https://*.paypal.com https://*.googletagmanager.com https://secure.dropcatch.com https://*.google-analytics.com 'unsafe-inline'; connect-src 'self' https://*.google.com https://*.paypal.com https://*.amazonaws.com https://*.braintreegateway.com https://*.braintree-api.com https://uilogging.tcdevops.com https://logging.dropcatch.com https://*.google-analytics.com https://translate.dropcatch.com https://client.dropcatch.com wss://rt.dropcatch.com https://*.launchdarkly.com https://o4510675591430144.ingest.us.sentry.io

frame-ancestors Keyword —

'self'

frame-src Keyword —

'self'

frame-src Host —

https://*.google.com

frame-src Host

Google Tag Manager

https://*.googletagmanager.com

frame-src Host —

https://www.sitecdn.com

ASN | Cloudflare

frame-src Host

Braintree

braintreegateway.com

frame-src Host

Braintree

assets.braintreegateway.com

ASN | Cloudflare

frame-src Host

Google Tag Manager

googletagmanager.com

frame-src Host —

https://client.dropcatch.com

ASN | Cloudflare

frame-src Host

PayPal

https://*.paypal.com

frame-src Host

PayPal

https://*.paypalobjects.com

frame-src Host —

https://ssl.kaptcha.com

script-src Keyword —

'self'

script-src Host —

https://*.google.com

script-src Host

Google DoubleClick

https://*.doubleclick.net

script-src Host

Google Static File Front End

https://*.gstatic.com

script-src Host

PayPal

https://*.paypal.com

script-src Host

Google Tag Manager

https://*.googletagmanager.com

script-src Host —

https://secure.dropcatch.com

ASN | Cloudflare

script-src Host

Google Analytics

https://*.google-analytics.com

script-src Keyword —

'unsafe-inline'

connect-src Keyword —

'self'

connect-src Host —

https://*.google.com

connect-src Host

PayPal

https://*.paypal.com

connect-src Host

AWS

https://*.amazonaws.com

connect-src Host

Braintree

https://*.braintreegateway.com

connect-src Host

Braintree

https://*.braintree-api.com

connect-src Host —

https://uilogging.tcdevops.com

ASN | IMDC-AS12025 - Iron Mountain Data Center

connect-src Host —

https://logging.dropcatch.com

ASN | Cloudflare

connect-src Host

Google Analytics

https://*.google-analytics.com

connect-src Host —

https://translate.dropcatch.com

ASN | Cloudflare

connect-src Host —

https://client.dropcatch.com

ASN | Cloudflare

connect-src Host —

wss://rt.dropcatch.com

ASN | Cloudflare

connect-src Host

LaunchDarkly

https://*.launchdarkly.com

connect-src Host

Sentry

https://o4510675591430144.ingest.us.sentry.io

ASN | Google Cloud

Content-Security-Policy-Report-Only

No report-only CSP headers found.