http://136.243.208.16:9999/

default-src 'self';
script-src 'self' 'unsafe-eval' 'unsafe-inline' https://api.koios.rest https://data.snakepool.link https://va.vercel-scripts.com;
style-src 'self' 'unsafe-inline' http: https:;
img-src 'self' data: http: https:;
font-src 'self' http: https:;
connect-src 'self' http: https:;
High: 1, Medium: 11, Low: 4, Info: 0

Time: a day ago

Source: header

Disposition: enforce

Policies: 1

Total Findings: 16

Scan Results

HIGH: Usage of unsafe-inline on script-src; directive: script-src
MEDIUM: Missing reporting endpoint; directive: report-uri
MEDIUM: Non-encrypted loading of external assets (http: / ws:); directive: connect-src
MEDIUM: Missing object-src (with non-restrictive default-src); directive: object-src
MEDIUM: Missing base-uri; directive: base-uri
MEDIUM: Missing path on source for sensitive directive; directive: script-src
MEDIUM: Missing path on source for sensitive directive; directive: script-src
MEDIUM: Unsafe usage of unsafe-eval; directive: script-src
MEDIUM: Non-encrypted loading of external assets (http: / ws:); directive: img-src
MEDIUM: Missing path on source for sensitive directive; directive: script-src
MEDIUM: Non-encrypted loading of external assets (http: / ws:); directive: style-src
MEDIUM: Non-encrypted loading of external assets (http: / ws:); directive: font-src
LOW: Unsafe usage of unsafe-inline on style-src; directive: style-src
LOW: Missing form-action; directive: form-action
LOW: Missing 'report-sample'; directive: script-src
LOW: Missing 'report-sample'; directive: style-src