Content-Security-Policy Analysis for https://www.airbnb.ae

Open Cached · just now

12 directives

Content-Security-Policy

Content-Security-Policy: child-src blob:; connect-src 'self' https: wss://ws.airbnb.com wss://ws.airbnb.ae https://netverify.com https://*.netverify.com wss: *.amap.com https://*.mapbox.com; default-src 'self' https: blob:; font-src 'self' data: https://*.muscache.com fonts.gstatic.com https://use.typekit.net https:; frame-src * https://*.cardinalcommerce.com; img-src 'self' https: data: https://*.mapbox.com blob:; media-src 'self' https: blob:; script-src 'self' 'unsafe-eval' https://a0.muscache.com https://cdn.siftscience.com https://ss.musthird.com https://t1.musthird.com https://bat.bing.com https://connect.facebook.net https://www.google-analytics.com https://www.googleadservices.com https://tpc.googlesyndication.com https://www.googletagmanager.com https://maps.googleapis.com https://ajax.googleapis.com https://*.g.doubleclick.net https://www.google.com https://www.gstatic.com https://smartlock.google.com https://accounts.google.com https://app.link https://cdn.branch.io https://api.branch.io https://bam.nr-data.net https://js-agent.newrelic.com https://ethn.io https://s.yimg.jp https://api.geetest.com https://monitor.geetest.com https://api.geevisit.com https://cdn.ampproject.org https://storage.googleapis.com/workbox-cdn/ https://tagmanager.google.com https://pay.google.com https://songbird.cardinalcommerce.com/ https://www.recaptcha.net https://www.gstatic.cn https://airbnb-api.arkoselabs.com https://h.online-metrix.net 'sha256-rAm9O8JPZLtQmd84zMDzhsG5q35JscESxxcaFL7+DDc=' 'sha256-vPvbF7mM9h+nViyD8PeacaGLf/01gc9mAlxGpxiPENs=' 'sha256-CZnW0hvLQpXhjRl/rvattFn8GcIhxi8fcsCstVugtsI=' 'sha256-9jboJcALeftUTV/MuGjkJB5HDvqsPbm7/gTjfpkHiYc=' 'sha256-r98Buo6FoBRWWqqTV3XUgtcozHN4uxdwUycMqlCrWgk=' 'sha256-dEQLydru3z2yuRGS/8VzaalU2wY48xuXdoO1zDPmT/A=' 'sha256-jhpHTyypc46kfr10/bvvFfjxyJNZcDvM0XsDAD5PJ2k=' 'sha256-sM4TCqADHMBZKYgE9fgtWACAry8C6tqaPljxMeTJ+w4=' 'sha256-cjbhGOOQgQ99rvg3Z512vKyyYWqlTx/JNJg0rEMcAdY=' 'sha256-s65REExBIDb5ehVuEdj8RQqjssBqO5B6bU+klVdAIiw=' 'sha256-UZiH6gDDypKZfLEstAQJCeLznzQxkMkbq3eZ5ziZaQk=' https: 'sha256-5Tl1cMvpowm216MNWitZcm6dh1Ufik1QFyA6KadNiAY=' 'sha256-rvARxjbuUxilxb9RkOEv8RtqGIsmGYKyxv2IIH4MsrA=' 'sha256-hlaumtWL6YXbATpvURLyKaWUWs/apEDvcs19lYsGwsU=' 'sha256-WN2aiDPIBwBxhoVjMemOYgECjT6LzuFTAdA/DMR7T3A=' 'sha256-QrtzfXzemhvC/0Mz4p5MTgyHZ11cOMx/iKBQ2QfQoYU=' 'sha256-hVPsqt8jazJS/0O76JubiA90S0KG9ImECF/df+CNljI=' 'sha256-RAgBnM0wf+EU6GLC4DAwrlPlxaWbSFOv9fEZHb22Zqc=' 'sha256-q7LfTX8CemAjvalJEQZ5S+i7nuNEVbFaU6xkHvEAOeQ=' 'sha256-Hn02be8UsaO1J728ZDxGZlZGXBd85lEw3JklFYpfGPQ=' 'sha256-69KvOim8N1PE+6rP6TRe0P6GgFBZdTuNV9Lrr9y8KMc=' 'sha256-AcTLk9SPBTCpOP4TyHDG+Id7/GS/5o3fNLVi6oMU5NM=' https://netverify.com https://*.netverify.com https://icm.aexp-static.com https://qicm.americanexpress.com https://qwww435.americanexpress.com https://checkout.americanexpress.com https://www.paypalobjects.com https://c.paypal.com https://www.paypal.com https://*.klarnacdn.net blob: https://vdata.amap.com https://webapi.amap.com https://restapi.amap.com https://*.mapbox.com https://cardinaltrusted.com https://songbird.cardinalcommerce.com https://songbirdstag.cardinalcommerce.com https://includes.ccdc02.com https://includestest.ccdc02.com https://client-api.arkoselabs.com https://cdn.plaid.com/link/v2/stable/link-initialize.js https://js.stripe.com https://appleid.cdn-apple.com/appleauth/static/jsapi/appleid/1/en_US/appleid.auth.js https://pagead2.googlesyndication.com; style-src 'self' https: 'unsafe-inline' https://*.mapbox.com; worker-src 'self' https: blob:; report-uri /tracking/csp?controller=core-guest-loop&action=%2F&req_uuid=cef02124-3ef1-48af-297d-c63307c3ff9e&version=sha%3D5f6d4824aba3&report_only=false; report-to /tracking/csp?controller=core-guest-loop&action=%2F&req_uuid=cef02124-3ef1-48af-297d-c63307c3ff9e&version=sha%3D5f6d4824aba3&report_only=false

child-src Scheme —

blob:

connect-src Keyword —

'self'

connect-src Scheme —

https:

connect-src Host —

wss://ws.airbnb.com

ASN | Amazon

connect-src Host —

wss://ws.airbnb.ae

ASN | Amazon

connect-src Host —

https://netverify.com

ASN | Amazon

connect-src Host —

https://*.netverify.com

ASN | Amazon

connect-src Scheme —

wss:

connect-src Host —

*.amap.com

ASN | Alibaba

connect-src Host

Mapbox

https://*.mapbox.com

ASN | Fastly

default-src Keyword —

'self'

default-src Scheme —

https:

default-src Scheme —

blob:

font-src Keyword —

'self'

font-src Scheme —

data:

font-src Host —

https://*.muscache.com

font-src Host

Google Fonts

fonts.gstatic.com

ASN | Google

font-src Host

Adobe Fonts (Typekit)

https://use.typekit.net

ASN | Akamai

font-src Scheme —

https:

frame-src Host —

https://*.cardinalcommerce.com

ASN | Cloudflare

img-src Keyword —

'self'

img-src Scheme —

https:

img-src Scheme —

data:

img-src Host

Mapbox

https://*.mapbox.com

ASN | Fastly

img-src Scheme —

blob:

media-src Keyword —

'self'

media-src Scheme —

https:

media-src Scheme —

blob:

script-src Keyword —

'self'

script-src Keyword —

'unsafe-eval'

script-src Host —

https://a0.muscache.com

ASN | Akamai

script-src Host —

https://cdn.siftscience.com

ASN | Google Cloud

script-src Host —

https://ss.musthird.com

script-src Host —

https://t1.musthird.com

script-src Host

Microsoft Advertising

https://bat.bing.com

ASN | Microsoft

script-src Host

Facebook

https://connect.facebook.net

ASN | Facebook

script-src Host

Google Analytics

https://www.google-analytics.com

ASN | Google

script-src Host

Google Conversion Tracking

https://www.googleadservices.com

ASN | Google

script-src Host

Google AdSense

https://tpc.googlesyndication.com

ASN | Google

script-src Host

Google Tag Manager

https://www.googletagmanager.com

ASN | Google

script-src Host

Google Maps

https://maps.googleapis.com

ASN | Google

script-src Host

Google Hosted Libraries

https://ajax.googleapis.com

ASN | Google

script-src Host

Google DoubleClick

https://*.g.doubleclick.net

script-src Host

Google Search

https://www.google.com

ASN | Google

script-src Host

Google Static File Front End

https://www.gstatic.com

ASN | Google

script-src Host —

https://smartlock.google.com

ASN | Google

script-src Host

Google Sign-In

https://accounts.google.com

ASN | Google

script-src Host —

https://app.link

ASN | Amazon

script-src Host

Branch

https://cdn.branch.io

ASN | Amazon

script-src Host

Branch

https://api.branch.io

ASN | Amazon

script-src Host —

https://bam.nr-data.net

ASN | NEWRELIC-AS-1 - New Relic

script-src Host

New Relic

https://js-agent.newrelic.com

ASN | Fastly

script-src Host —

https://ethn.io

ASN | Amazon

script-src Host

Yahoo

https://s.yimg.jp

ASN | YAHOO LY Corporation

script-src Host

GeeTest

https://api.geetest.com

ASN | ACE-AS-AP ACE

script-src Host

GeeTest

https://monitor.geetest.com

ASN | Alibaba

script-src Host —

https://api.geevisit.com

ASN | ACE-AS-AP ACE

script-src Host

AMP

https://cdn.ampproject.org

ASN | Google

script-src Host

Google Cloud Storage

https://storage.googleapis.com/workbox-cdn/

ASN | Google

script-src Host

Google Tag Manager

https://tagmanager.google.com

ASN | Google

script-src Host

Google Pay

https://pay.google.com

ASN | Google

script-src Host —

https://songbird.cardinalcommerce.com/

ASN | Cloudflare

script-src Host

Google reCAPTCHA

https://www.recaptcha.net

ASN | Google

script-src Host

Google Static File Front End

https://www.gstatic.cn

ASN | Google

script-src Host

Arkose Labs

https://airbnb-api.arkoselabs.com

ASN | Amazon

script-src Host —

https://h.online-metrix.net

ASN | THM - ThreatMetrix Inc.

script-src Hash —

'sha256-rAm9O8JPZLtQmd84zMDzhsG5q35JscESxxcaFL7+DDc='

script-src Hash —

'sha256-vPvbF7mM9h+nViyD8PeacaGLf/01gc9mAlxGpxiPENs='

script-src Hash —

'sha256-CZnW0hvLQpXhjRl/rvattFn8GcIhxi8fcsCstVugtsI='

script-src Hash —

'sha256-9jboJcALeftUTV/MuGjkJB5HDvqsPbm7/gTjfpkHiYc='

script-src Hash —

'sha256-r98Buo6FoBRWWqqTV3XUgtcozHN4uxdwUycMqlCrWgk='

script-src Hash —

'sha256-dEQLydru3z2yuRGS/8VzaalU2wY48xuXdoO1zDPmT/A='

script-src Hash —

'sha256-jhpHTyypc46kfr10/bvvFfjxyJNZcDvM0XsDAD5PJ2k='

script-src Hash —

'sha256-sM4TCqADHMBZKYgE9fgtWACAry8C6tqaPljxMeTJ+w4='

script-src Hash —

'sha256-cjbhGOOQgQ99rvg3Z512vKyyYWqlTx/JNJg0rEMcAdY='

script-src Hash —

'sha256-s65REExBIDb5ehVuEdj8RQqjssBqO5B6bU+klVdAIiw='

script-src Hash —

'sha256-UZiH6gDDypKZfLEstAQJCeLznzQxkMkbq3eZ5ziZaQk='

script-src Scheme —

https:

script-src Hash —

'sha256-5Tl1cMvpowm216MNWitZcm6dh1Ufik1QFyA6KadNiAY='

script-src Hash —

'sha256-rvARxjbuUxilxb9RkOEv8RtqGIsmGYKyxv2IIH4MsrA='

script-src Hash —

'sha256-hlaumtWL6YXbATpvURLyKaWUWs/apEDvcs19lYsGwsU='

script-src Hash —

'sha256-WN2aiDPIBwBxhoVjMemOYgECjT6LzuFTAdA/DMR7T3A='

script-src Hash —

'sha256-QrtzfXzemhvC/0Mz4p5MTgyHZ11cOMx/iKBQ2QfQoYU='

script-src Hash —

'sha256-hVPsqt8jazJS/0O76JubiA90S0KG9ImECF/df+CNljI='

script-src Hash —

'sha256-RAgBnM0wf+EU6GLC4DAwrlPlxaWbSFOv9fEZHb22Zqc='

script-src Hash —

'sha256-q7LfTX8CemAjvalJEQZ5S+i7nuNEVbFaU6xkHvEAOeQ='

script-src Hash —

'sha256-Hn02be8UsaO1J728ZDxGZlZGXBd85lEw3JklFYpfGPQ='

script-src Hash —

'sha256-69KvOim8N1PE+6rP6TRe0P6GgFBZdTuNV9Lrr9y8KMc='

script-src Hash —

'sha256-AcTLk9SPBTCpOP4TyHDG+Id7/GS/5o3fNLVi6oMU5NM='

script-src Host —

https://netverify.com

ASN | Amazon

script-src Host —

https://*.netverify.com

ASN | Amazon

script-src Host —

https://icm.aexp-static.com

ASN | Akamai

script-src Host —

https://qicm.americanexpress.com

ASN | AMERICAN-EXPRESS - American Express Company

script-src Host —

https://qwww435.americanexpress.com

ASN | AMERICAN-EXPRESS - American Express Company

script-src Host —

https://checkout.americanexpress.com

ASN | AMERICAN-EXPRESS - American Express Company

script-src Host

PayPal

https://www.paypalobjects.com

ASN | Fastly

script-src Host

PayPal

https://c.paypal.com

ASN | Fastly

script-src Host

PayPal

https://www.paypal.com

ASN | Fastly

script-src Host —

https://*.klarnacdn.net

script-src Scheme —

blob:

script-src Host —

https://vdata.amap.com

ASN | CHINANET-SHANGHAI-MAN China Telecom Group

script-src Host —

https://webapi.amap.com

ASN | CHINANET-SHANGHAI-MAN China Telecom Group

script-src Host —

https://restapi.amap.com

ASN | Alibaba

script-src Host

Mapbox

https://*.mapbox.com

ASN | Fastly

script-src Host —

https://cardinaltrusted.com

script-src Host —

https://songbird.cardinalcommerce.com

ASN | Cloudflare

script-src Host —

https://songbirdstag.cardinalcommerce.com

ASN | Cloudflare

script-src Host —

https://includes.ccdc02.com

ASN | Cloudflare

script-src Host —

https://includestest.ccdc02.com

ASN | Cloudflare

script-src Host

Arkose Labs

https://client-api.arkoselabs.com

ASN | Amazon

script-src Host

Plaid

https://cdn.plaid.com/link/v2/stable/link-initialize.js

ASN | Amazon

script-src Host

Stripe

https://js.stripe.com

ASN | Fastly

script-src Host

Apple ID

https://appleid.cdn-apple.com/appleauth/static/jsapi/appleid/1/en_US/appleid.auth.js

ASN | Akamai

script-src Host

Google AdSense

https://pagead2.googlesyndication.com

ASN | Google

style-src Keyword —

'self'

style-src Scheme —

https:

style-src Keyword —

'unsafe-inline'

style-src Host

Mapbox

https://*.mapbox.com

ASN | Fastly

worker-src Keyword —

'self'

worker-src Scheme —

https:

worker-src Scheme —

blob:

report-uri Host —

/tracking/csp?controller=core-guest-loop&action=%2F&req_uuid=cef02124-3ef1-48af-297d-c63307c3ff9e&version=sha%3D5f6d4824aba3&report_only=false

report-to Host —

/tracking/csp?controller=core-guest-loop&action=%2F&req_uuid=cef02124-3ef1-48af-297d-c63307c3ff9e&version=sha%3D5f6d4824aba3&report_only=false

Content-Security-Policy-Report-Only

No report-only CSP headers found.