https://www.google.com/maps/embed?pb=%211m18%211m12%211m3%211d753.0032177205043%212d29.100672829180457%213d40.98119899870649%212m3%211f0%212f0%213f0%213m2%211i1024%212i768%214f13.1%213m3%211m2%211s0x0%3A0x0%212zNDDCsDU4JzUyLjMiTiAyOcKwMDYnMDQuNCJF%215e0%213m2%211str%212str%214v1588936608531%215m2%211str%212str

Category: Search Engine Clean Browsing

Keywords: data play learn share store using google policy search account collect content example privacy service started personal services including information


Last fetched: 2020-05-14T19:52:57.653396+00:00

HTTP status: 5 Sub-resource URL


TLS/SSL configuration report

TLS score
F
Grade capped at F
Certificate path cannot be verified to a known root certificate

See full SSL/TLS security report for www.google.com

Security-related HTTP headers

  • Server: mafe

    Announces web server software and optionally version details.

    Read more...

  • X-XSS-Protection: 0

    Controls an Cross-Site Scripting (XSS) filters built into the majority of web browsers. The filter is usually turned on by default anyway, but requirement to set the header to 1 became part of canonical set of "secure" HTTP headers. Over time, vulnerabilities in the "sanitizing" mode filter were found, so 1; mode=block became the recommended value. Some companies decided that they don't really need a browser-side XSS filter to mess with their web services which are XSS-free anyway and they became consciously disabling the XSS filter by setting the header to 0.

    Read more...

Content Security Policy

  • object-src 'none';base-uri 'self';script-src 'nonce-4jZKyfswDQhPGOfzugPiHQ==' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/geo-maps-api/1
  • object-src 'none';base-uri 'self';script-src 'nonce-W8mMI502z7cKFvrij+f7Jw==' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/geo-maps-api/1
  • object-src 'none';base-uri 'self';script-src 'nonce-BsF59AkKyRbx8McNWzGwfw==' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/geo-maps-api/1
  • object-src 'none';base-uri 'self';script-src 'nonce-8wP5am8xtqdVb0lArN0elg==' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/geo-maps-api/1

Want second opinion? Try Google CSP Evaluator.

Sub-resources

Parent pages

Parent pages loading this resource.
Fully automated RESTful API is now available. Subscribe for your free trial today!