Scan any website for HTTP cookies, Flash, HTML5 localStorage, sessionStorage, CANVAS, supercookies, evercookies as well as SSL/TLS and HTTP security

Websites setting Content-Security-Policy HTTP header
Website Content-Security-Policy header value
www.blueorangebank.com default-src 'self' *.google.lv *.google.com https://*.google-analytics.com *.googleapis.com *.gstatic.com *.googletagmanager.com *.ipinfo.io *.amazonaws.com *.jivosite.com wss://*.jivosite.com *.yandex.ru; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.facebook.net *.yandex.ru *.googleadservices.com *.googletagmanager.com https://*.google-analytics.com *.ipinfo.io *.googleapis.com *.google.com *.gstatic.com *.jivosite.com; font-src 'self' data: *.googleapis.com *.gstatic.com; style-src 'self' 'unsafe-inline' data: *.yandex.ru *.googleadservices.com *.gstatic.com *.googleapis.com; img-src 'self' data: *.facebook.com *.google.lv *.yandex.ru *.googleadservices.com *.google.com *.gstatic.com http://*.gstatic.com https://*.gstatic.com https://*.google-analytics.com *.googleapis.com *.doubleclick.net *.maxcdn.com *.amazonaws.com; child-src 'self' *.google.com
support.sky-tours.com default-src 'self' blob:; script-src * data: 'unsafe-inline' 'unsafe-eval'; style-src * data: 'unsafe-inline'; img-src * data: blob:; font-src * data:; connect-src *; media-src * data: blob:; object-src *; child-src * blob:; form-action *; frame-src 'self' https://www.google.com/recaptcha/; frame-ancestors 'self'
webcookies.org script-src https://webcookies-20c4.kxcdn.com https://cdnjs.cloudflare.com https://maxcdn.bootstrapcdn.com https://pagead2.googlesyndication.com https://connect.facebook.net https://*.google.com https://*.twitter.com https://*.linkedin.com https://webcookies.disqus.com https://*.disquscdn.com 'unsafe-inline' 'self'; style-src https://maxcdn.bootstrapcdn.com https://webcookies-20c4.kxcdn.com https://fonts.googleapis.com https://*.disquscdn.com https://cdnjs.cloudflare.com 'unsafe-inline'; frame-ancestors 'none'; default-src 'none'; frame-src https://*.google.com https://*.facebook.com https://*.twitter.com https://*.doubleclick.net https://platform.linkedin.com https://disqus.com; object-src https://pagead2.googlesyndication.com; upgrade-insecure-requests ; img-src https://webcookies-20c4.kxcdn.com https://*.facebook.com https://*.twitter.com https://pagead2.googlesyndication.com https://*.paypal.com https://online.swagger.io https://static.licdn.com https://*.gstatic.com https://www.linkedin.com https://referrer.disqus.com 'self'; media-src 'none'; child-src 'none'; referrer unsafe-url; reflected-xss block; connect-src https://pagead2.googlesyndication.com https://links.services.disqus.com 'self'; font-src https://maxcdn.bootstrapcdn.com https://webcookies-20c4.kxcdn.com https://fonts.googleapis.com https://fonts.gstatic.com; form-action 'self' https://*.paypal.com; report-uri /csp/report/;
blueorangebank.com default-src 'self' *.google.lv *.google.com https://*.google-analytics.com *.googleapis.com *.gstatic.com *.googletagmanager.com *.ipinfo.io *.amazonaws.com *.jivosite.com wss://*.jivosite.com *.yandex.ru; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.facebook.net *.yandex.ru *.googleadservices.com *.googletagmanager.com https://*.google-analytics.com *.ipinfo.io *.googleapis.com *.google.com *.gstatic.com *.jivosite.com; font-src 'self' data: *.googleapis.com *.gstatic.com; style-src 'self' 'unsafe-inline' data: *.yandex.ru *.googleadservices.com *.gstatic.com *.googleapis.com; img-src 'self' data: *.facebook.com *.google.lv *.yandex.ru *.googleadservices.com *.google.com *.gstatic.com http://*.gstatic.com https://*.gstatic.com https://*.google-analytics.com *.googleapis.com *.doubleclick.net *.maxcdn.com *.amazonaws.com; child-src 'self' *.google.com
www.tax.service.gov.uk default-src 'self' 'unsafe-inline' 'unsafe-eval' localhost:9032 localhost:9250 www.google-analytics.com assets.digital.cabinet-office.gov.uk assets.publishing.service.gov.uk localhost:9032 localhost:8291 webchat-dev.tax.service.gov.uk *.analytics-egain.com stats.g.doubleclick.net www.google-analytics.com data:
ffprofile.com default-src 'self' data: 'unsafe-inline' ; style-src 'self' data: 'unsafe-inline' ; img-src 'self' data: https://camo.githubusercontent.com ; report-uri https://sentry.laxu.de/api/2/csp-report/?sentry_key=d9ede316ffc14b358e7a1237e3082d9c, default-src 'self' data: 'unsafe-inline' ; style-src 'self' data: 'unsafe-inline' ; img-src 'self' data: https://camo.githubusercontent.com ; report-uri https://sentry.laxu.de/api/2/csp-report/?sentry_key=d9ede316ffc14b358e7a1237e3082d9c
ffprofile.com default-src 'self' data: 'unsafe-inline' ; style-src 'self' data: 'unsafe-inline' ; img-src 'self' data: https://camo.githubusercontent.com ; report-uri https://sentry.laxu.de/api/2/csp-report/?sentry_key=d9ede316ffc14b358e7a1237e3082d9c, default-src 'self' data: 'unsafe-inline' ; style-src 'self' data: 'unsafe-inline' ; img-src 'self' data: https://camo.githubusercontent.com ; report-uri https://sentry.laxu.de/api/2/csp-report/?sentry_key=d9ede316ffc14b358e7a1237e3082d9c
api.blockchain.info img-src 'self' data: https://share.pingdom.com https://www.google-analytics.com; style-src 'self' 'unsafe-inline'; frame-src 'none'; child-src 'none'; script-src 'self' https://www.google-analytics.com; connect-src 'self' *.blockchain.info wss://*.blockchain.info https://blockchain.info wss://ws.blockchain.info; object-src 'none'; media-src 'none'; font-src 'self';
blockchain.info img-src 'self' data: https://blockchain.info https://www.google-analytics.com; style-src 'self' 'unsafe-inline'; frame-src 'none'; child-src 'none'; script-src 'self' https://www.google-analytics.com; connect-src 'self' *.blockchain.info wss://*.blockchain.info https://blockchain.info wss://ws.blockchain.info; object-src 'none'; media-src 'none'; font-src 'self';
api.blockchain.info img-src 'self' data: https://blockchain.info https://*.blockchain.info https://www.google-analytics.com; style-src 'self' 'unsafe-inline' https://*.blockchain.info; frame-src 'none'; child-src 'none'; script-src 'self' https://www.google-analytics.com 'unsafe-inline' https://*.blockchain.info; connect-src 'self' wss://*.blockchain.info https://api.blockchain.info https://blockchain.info; object-src 'none'; media-src 'self' data: mediastream: blob:; font-src 'self';
api.blockchain.info img-src 'self' data: https://blockchain.info https://*.blockchain.info https://www.google-analytics.com; style-src 'self' 'unsafe-inline' https://*.blockchain.info; frame-src 'none'; child-src 'none'; script-src 'self' https://www.google-analytics.com 'unsafe-inline' https://*.blockchain.info; connect-src 'self' wss://*.blockchain.info https://api.blockchain.info https://blockchain.info; object-src 'none'; media-src 'self' data: mediastream: blob:; font-src 'self';
api.blockchain.info img-src 'self' data: https://blockchain.info https://*.blockchain.info https://www.google-analytics.com; style-src 'self' 'unsafe-inline' https://*.blockchain.info; frame-src 'none'; child-src 'none'; script-src 'self' https://www.google-analytics.com 'unsafe-inline' https://*.blockchain.info; connect-src 'self' wss://*.blockchain.info https://api.blockchain.info https://blockchain.info; object-src 'none'; media-src 'self' data: mediastream: blob:; font-src 'self';
appleid.cdn-apple.com default-src *; object-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.apple.com https://*.cdn-apple.com; style-src 'unsafe-inline' https://*.apple.com https://*.cdn-apple.com; connect-src 'self'; img-src 'self' data: https://*.apple.com https://*.cdn-apple.com https://*.icloud.com https://*.mzstatic.com; media-src * data:;
comiconlinexxx.blogspot.it script-src 'self' *.google.com *.google-analytics.com 'unsafe-inline' 'unsafe-eval' *.gstatic.com *.googlesyndication.com *.blogger.com *.googleapis.com uds.googleusercontent.com https://s.ytimg.com https://i18n-cloud.appspot.com www-onepick-opensocial.googleusercontent.com www-bloggervideo-opensocial.googleusercontent.com www-blogger-opensocial.googleusercontent.com https://www.blogblog.com; report-uri /cspreport
comiconlinexxx.blogspot.it script-src 'self' *.google.com *.google-analytics.com 'unsafe-inline' 'unsafe-eval' *.gstatic.com *.googlesyndication.com *.blogger.com *.googleapis.com uds.googleusercontent.com https://s.ytimg.com https://i18n-cloud.appspot.com www-onepick-opensocial.googleusercontent.com www-bloggervideo-opensocial.googleusercontent.com www-blogger-opensocial.googleusercontent.com https://www.blogblog.com; report-uri /cspreport
www.netwit.de default-src data: 'self' 'unsafe-inline' 'unsafe-eval' *.google-analytics.com *.googleapis.com *.gstatic.com
www.netwit.de default-src data: 'self' 'unsafe-inline' 'unsafe-eval' *.google-analytics.com *.googleapis.com *.gstatic.com
www.netwit.de default-src data: 'self' 'unsafe-inline' 'unsafe-eval' *.google-analytics.com *.googleapis.com *.gstatic.com
www.netwit.de default-src data: 'self' 'unsafe-inline' 'unsafe-eval' *.google-analytics.com *.googleapis.com *.gstatic.com
www.netwit.de default-src data: 'self' 'unsafe-inline' 'unsafe-eval' *.google-analytics.com *.googleapis.com *.gstatic.com
comiconlinexxx.blogspot.com script-src 'self' *.google.com *.google-analytics.com 'unsafe-inline' 'unsafe-eval' *.gstatic.com *.googlesyndication.com *.blogger.com *.googleapis.com uds.googleusercontent.com https://s.ytimg.com https://i18n-cloud.appspot.com www-onepick-opensocial.googleusercontent.com www-bloggervideo-opensocial.googleusercontent.com www-blogger-opensocial.googleusercontent.com https://www.blogblog.com; report-uri /cspreport
comiconlinexxx.blogspot.com script-src 'self' *.google.com *.google-analytics.com 'unsafe-inline' 'unsafe-eval' *.gstatic.com *.googlesyndication.com *.blogger.com *.googleapis.com uds.googleusercontent.com https://s.ytimg.com https://i18n-cloud.appspot.com www-onepick-opensocial.googleusercontent.com www-bloggervideo-opensocial.googleusercontent.com www-blogger-opensocial.googleusercontent.com https://www.blogblog.com; report-uri /cspreport
static.uqu.edu.sa default-src 'self' https:
compilenix.org default-src 'self' data: 'unsafe-inline' 'unsafe-eval' *.compilenix.org compilenix.org dharma.no-trust.org *.googleapis.com *.gstatic.com *.google.com *.gravatar.com code.jquery.com; frame-ancestors 'self' ; form-action 'self' ; upgrade-insecure-requests; block-all-mixed-content; reflected-xss block; referrer no-referrer;
compilenix.org default-src 'self' data: 'unsafe-inline' 'unsafe-eval' *.compilenix.org compilenix.org dharma.no-trust.org *.googleapis.com *.gstatic.com *.google.com *.gravatar.com code.jquery.com; frame-ancestors 'self' ; form-action 'self' ; upgrade-insecure-requests; block-all-mixed-content; reflected-xss block; referrer no-referrer;
Page 1 of 99