https://dpls.co.za

default-src 'none';
script-src 'self' 'unsafe-inline' https://www.google-analytics.com/analytics.js https://www.google.com/recaptcha/api.js https://www.googletagmanager.com/gtag/js https://www.googletagmanager.com/gtm.js https://www.gstatic.com/recaptcha/releases/pPK749sccDmVW_9DSeTMVvh2/recaptcha__en.js;
style-src 'self' 'unsafe-inline' https://fonts.googleapis.com;
img-src 'self' data: https://ps.w.org https://s.w.org/ https://secure.gravatar.com https://www.googletagmanager.com;
connect-src 'self' https://www.google-analytics.com;
font-src 'self' data: https://fonts.gstatic.com;
form-action 'self';
frame-ancestors 'none';
object-src 'none';
frame-src 'self' https://www.google.com;
worker-src 'self' blob:;
manifest-src 'none';
base-uri 'none';
upgrade-insecure-requests;
High: 1, Medium: 1, Low: 3, Info: 0

Time: a day ago

Source: header

Disposition: enforce

Policies: 1

Total Findings: 5

Scan Results

HIGH: Usage of unsafe-inline on script-src (script-src)
MEDIUM: Missing reporting endpoint (report-uri)
LOW: Unsafe usage of unsafe-inline on style-src (style-src)
LOW: Missing 'report-sample' (script-src)
LOW: Missing 'report-sample' (style-src)