Content-Security-Policy Analysis for https://www.currentinc.com

Open Cached · just now

8 directives

Content-Security-Policy

Content-Security-Policy: upgrade-insecure-requests;
Content-Security-Policy-Report-Only: worker-src blob:; form-action *.cardinalcommerce.com *.paypal.com www.sandbox.paypal.com *.amazon.com *.facebook.com *.googlesyndication.com *.tiktok.com connect.facebook.net 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com plumrocket.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src *.googletagmanager.com *.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com *.paypal.com www.sandbox.paypal.com player.vimeo.com *.google.com *.braintreegateway.com google.com js.stripe.com *.amazon.com *.payments-amazon.com *.doubleclick.net *.facebook.com *.googlesyndication.com *.tiktok.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com connect.facebook.net www.commercepartnerhub.com assets.braintreegateway.com plumrocket.com *.authorize.net *.artifi.net www.googleadservices.com assets.pinterest.com ct.pinterest.com www.paypalobjects.com i.liadm.com *.securly.com gateway.zscalerthree.net ep2.adtrafficquality.google 'self' 'unsafe-inline'; script-src *.googletagmanager.com *.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net *.google.com *.newrelic.com *.nr-data.net *.authorize.net *.commerce-payment-services.com *.paypal.com www.sandbox.paypal.com www.paypalobjects.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.gstatic.com assets.adobedtm.com amcglobal.sc.omtrdc.net *.magento-ds.com *.typekit.net google.com *.cdn-apple.com *.braintreegateway.com js.stripe.com *.payments-amazon.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googlesyndication.com *.jsdelivr.net *.tiktok.com *.klaviyo.com fast.a.klaviyo.com https://*.googleapis.com https://*.ggpht.com https://*.googleusercontent.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com *.shopify.com *.sandbox.braintreegateway.com *.popt.in *.cloudflare.com celebrosnlp.com *.celebros-analytics.com *.artifi.net maps.googleapis.com www.googletagservices.com cdn.gladly.qa cdn.gladly.com *.monetate.net *.visualwebsiteoptimizer.com *.cloudfront.net s.pinimg.com bat.bing.com tag.rmp.rakuten.com ut.rd.linksynergy.com *.pinterest.com cdn.noibu.com *.hotjar.com b-code.liadm.com secure.merchantadvantage.com *.celebros.com ep2.adtrafficquality.google static.lillianvernon.com lillianv-ac.celebros.com ajax.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; report-uri https://www.lillianvernon.com/pr-csp/report/add/; report-to report-endpoint;

upgrade-insecure-requests Source —

(no sources)

Content-Security-Policy-Report-Only

worker-src Scheme —

blob:

form-action Host —

*.cardinalcommerce.com

ASN | Cloudflare

form-action Host

PayPal

*.paypal.com

form-action Host

PayPal

www.sandbox.paypal.com

form-action Host —

*.amazon.com

form-action Host

Facebook

*.facebook.com

form-action Host

Google AdSense

*.googlesyndication.com

form-action Host

TikTok

*.tiktok.com

form-action Host

Facebook

connect.facebook.net

form-action Host —

3ds-secure.cardcomplete.com

ASN | NETCETERA-AG-AS - Netcetera AG

form-action Host —

www.clicksafe.lloydstsb.com

ASN | RSA-AS - EMC Information Systems International PUC

form-action Host —

pay.activa-card.com

form-action Host —

*.wirecard.com

form-action Host —

acs.sia.eu

ASN | SIA - Nexi Payments S.P.A.

form-action Host —

*.touchtechpayments.com

ASN | ALEXHOST - ALEXHOST SRL

form-action Host —

www.securesuite.co.uk

ASN | RSA-AS - EMC Information Systems International PUC

form-action Host —

rsa3dsauth.com

form-action Host —

*.monzo.com

form-action Host —

*.arcot.com

ASN | TUT-AS - Total Uptime Technologies

form-action Host —

*.wlp-acs.com

form-action Host —

plumrocket.com

form-action Keyword —

'self'

form-action Keyword —

'unsafe-inline'

frame-ancestors Keyword —

'self'

frame-src Host

Google Tag Manager

*.googletagmanager.com

frame-src Host —

*.cardinalcommerce.com

ASN | Cloudflare

frame-src Host

Google DoubleClick

bid.g.doubleclick.net

frame-src Host

YouTube

*.youtube.com

frame-src Host

YouTube

*.youtube-nocookie.com

frame-src Host

PayPal

*.paypal.com

frame-src Host

PayPal

www.sandbox.paypal.com

frame-src Host

Vimeo

player.vimeo.com

ASN | Cloudflare

frame-src Host

Google Search

*.google.com

frame-src Host

Braintree

*.braintreegateway.com

frame-src Host

Google Search

google.com

frame-src Host

Stripe

js.stripe.com

frame-src Host —

*.amazon.com

frame-src Host —

*.payments-amazon.com

frame-src Host

Google DoubleClick

*.doubleclick.net

frame-src Host

Facebook

*.facebook.com

frame-src Host

Google AdSense

*.googlesyndication.com

frame-src Host

TikTok

*.tiktok.com

frame-src Host

hCaptcha

https://hcaptcha.com

ASN | Cloudflare

frame-src Host

hCaptcha

https://*.hcaptcha.com

ASN | Cloudflare

frame-src Host

Cloudflare Turnstile

https://challenges.cloudflare.com

ASN | Cloudflare

frame-src Host

Facebook

connect.facebook.net

frame-src Host —

www.commercepartnerhub.com

frame-src Host

Braintree

assets.braintreegateway.com

ASN | Cloudflare

frame-src Host —

plumrocket.com

frame-src Host —

*.authorize.net

ASN | Cloudflare

frame-src Host —

*.artifi.net

frame-src Host

Google Conversion Tracking

www.googleadservices.com

frame-src Host

Pinterest

assets.pinterest.com

frame-src Host

Pinterest

ct.pinterest.com

frame-src Host

PayPal

www.paypalobjects.com

frame-src Host —

i.liadm.com

frame-src Host —

*.securly.com

frame-src Host

Zscaler

gateway.zscalerthree.net

ASN | ZSCALER-SJC1 - ZSCALER

frame-src Host

Google AdSense

ep2.adtrafficquality.google

frame-src Keyword —

'self'

frame-src Keyword —

'unsafe-inline'

script-src Host

Google Tag Manager

*.googletagmanager.com

script-src Host —

*.cardinalcommerce.com

ASN | Cloudflare

script-src Host —

includestest.ccdc02.com

ASN | Cloudflare

script-src Host

Google Conversion Tracking

www.googleadservices.com

script-src Host

Google Analytics

*.google-analytics.com

script-src Host

Google DoubleClick

googleads.g.doubleclick.net

script-src Host

Google Search

*.google.com

script-src Host

New Relic

*.newrelic.com

script-src Host —

*.nr-data.net

script-src Host —

*.authorize.net

ASN | Cloudflare

script-src Host —

*.commerce-payment-services.com

script-src Host

PayPal

*.paypal.com

script-src Host

PayPal

www.sandbox.paypal.com

script-src Host

PayPal

www.paypalobjects.com

script-src Host

YouTube

s.ytimg.com

script-src Host

Google API JS Client

www.googleapis.com

script-src Host

Vimeo

vimeo.com

ASN | Cloudflare

script-src Host

Vimeo

www.vimeo.com

ASN | Cloudflare

script-src Host

Vimeo

*.vimeocdn.com

script-src Host

YouTube

*.youtube.com

script-src Host

Google Static File Front End

*.gstatic.com

script-src Host

Adobe Dynamic Tag Management

assets.adobedtm.com

script-src Host

Adobe Target

amcglobal.sc.omtrdc.net

script-src Host —

*.magento-ds.com

script-src Host

Adobe Fonts (Typekit)

*.typekit.net

script-src Host

Google Search

google.com

script-src Host —

*.cdn-apple.com

script-src Host

Braintree

*.braintreegateway.com

script-src Host

Stripe

js.stripe.com

script-src Host —

*.payments-amazon.com

script-src Host —

*.google.bg

script-src Host

Facebook

*.facebook.com

script-src Host

Facebook

*.facebook.net

script-src Host

Google DoubleClick

*.doubleclick.net

script-src Host

Google AdSense

*.googlesyndication.com

script-src Host

jsDelivr

*.jsdelivr.net

script-src Host

TikTok

*.tiktok.com

script-src Host

Klaviyo

*.klaviyo.com

script-src Host

Klaviyo

fast.a.klaviyo.com

script-src Host

Google API JS Client

https://*.googleapis.com

script-src Host —

https://*.ggpht.com

script-src Host

Google Cloud Storage

https://*.googleusercontent.com

script-src Host

hCaptcha

https://hcaptcha.com

ASN | Cloudflare

script-src Host

hCaptcha

https://*.hcaptcha.com

ASN | Cloudflare

script-src Host

Cloudflare Turnstile

https://challenges.cloudflare.com

ASN | Cloudflare

script-src Host

Shopify

*.shopify.com

ASN | Cloudflare

script-src Host

Braintree

*.sandbox.braintreegateway.com

ASN | Cloudflare

script-src Host —

*.popt.in

ASN | DigitalOcean

script-src Host

Cloudflare CDN

*.cloudflare.com

ASN | Cloudflare

script-src Host —

celebrosnlp.com

ASN | Cloudflare

script-src Host —

*.celebros-analytics.com

ASN | XGLOBE-199391 - One System Integration LTD

script-src Host —

*.artifi.net

script-src Host

Google Maps

maps.googleapis.com

script-src Host

Google DoubleClick

www.googletagservices.com

script-src Host —

cdn.gladly.qa

script-src Host —

cdn.gladly.com

script-src Host —

*.monetate.net

script-src Host

Visual Website Optimizer

*.visualwebsiteoptimizer.com

ASN | Google Cloud

script-src Host

AWS CloudFront

*.cloudfront.net

script-src Host

Pinterest

s.pinimg.com

script-src Host

Microsoft Advertising

bat.bing.com

ASN | Microsoft

script-src Host —

tag.rmp.rakuten.com

ASN | Google Cloud

script-src Host —

ut.rd.linksynergy.com

ASN | Google Cloud

script-src Host

Pinterest

*.pinterest.com

script-src Host —

cdn.noibu.com

script-src Host

Hotjar

*.hotjar.com

script-src Host —

b-code.liadm.com

script-src Host —

secure.merchantadvantage.com

ASN | QTS-SUW1-ATL1 - Quality Technology Services

script-src Host —

*.celebros.com

ASN | Cloudflare

script-src Host

Google AdSense

ep2.adtrafficquality.google

script-src Host —

static.lillianvernon.com

script-src Host —

lillianv-ac.celebros.com

script-src Host

Google Hosted Libraries

ajax.googleapis.com

script-src Keyword —

'self'

script-src Keyword —

'unsafe-inline'

script-src Keyword —

'unsafe-eval'

report-uri Host —

https://www.lillianvernon.com/pr-csp/report/add/

ASN | Cloudflare

report-to Host —

report-endpoint