Scan any website for HTTP cookies, Flash, HTML5 localStorage, sessionStorage, CANVAS, supercookies, evercookies as well as SSL/TLS and HTTP security

Websites setting Content-Security-Policy HTTP header
Website Content-Security-Policy header value
62258097.va.cobrowse.liveperson.net frame-ancestors 'self' https://*.lprnd.net:* http://*.lprnd.net:* https://*.liveperson.net http://*.liveperson.net https://*.synchronite.de http://*.synchronite.de; default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:; font-src 'self'; media-src 'self'; style-src 'self' 'unsafe-inline'; frame-src 'self'; child-src 'self'; connect-src va.cobrowse.liveperson.net *.va.cobrowse.liveperson.net wss://*.va.cobrowse.liveperson.net;
webcookies.org script-src https://webcookies-20c4.kxcdn.com https://cdnjs.cloudflare.com https://maxcdn.bootstrapcdn.com https://pagead2.googlesyndication.com https://connect.facebook.net https://*.google.com https://*.twitter.com https://*.linkedin.com https://webcookies.disqus.com https://*.disquscdn.com 'unsafe-inline' 'self'; style-src https://maxcdn.bootstrapcdn.com https://webcookies-20c4.kxcdn.com https://fonts.googleapis.com https://*.disquscdn.com https://cdnjs.cloudflare.com 'unsafe-inline'; frame-ancestors 'none'; default-src 'none'; frame-src https://*.google.com https://*.facebook.com https://*.twitter.com https://*.doubleclick.net https://platform.linkedin.com https://disqus.com; object-src https://pagead2.googlesyndication.com; upgrade-insecure-requests ; img-src https://webcookies-20c4.kxcdn.com https://*.facebook.com https://*.twitter.com https://pagead2.googlesyndication.com https://*.disquscdn.com https://*.paypal.com https://online.swagger.io https://static.licdn.com https://*.gstatic.com https://www.linkedin.com https://referrer.disqus.com 'self'; media-src 'none'; child-src 'none'; referrer unsafe-url; reflected-xss block; connect-src https://pagead2.googlesyndication.com https://links.services.disqus.com 'self'; font-src https://maxcdn.bootstrapcdn.com https://webcookies-20c4.kxcdn.com https://fonts.googleapis.com https://fonts.gstatic.com; form-action 'self' https://*.paypal.com; report-uri /csp/report/;
sharez.expressen.se default-src 'self'
mail.yandex.ru default-src 'none';connect-src 'self' mc.yandex.ru yastatic.net;font-src yastatic.net;frame-src 'none';img-src 'self' data: mc.yandex.ru www.tns-counter.ru *.captcha.yandex.net yastatic.net;media-src yastatic.net;object-src 'none';script-src 'self' 'unsafe-eval' 'unsafe-inline' 'nonce-e14422d5e58c1c14075954d5c8ccd1d9' mc.yandex.ru social.yandex.ru yastatic.net;style-src 'unsafe-inline' yastatic.net;report-uri https://csp.yandex.net/csp?from=mail-hostroot&version=4.0.0-4&yandexuid=7397394161490468260&yandex_login=&puid=&reqid=iface-1490468260233-80580712
sendgrid.org frame-ancestors 'self'
www.bcm80.nl default-src 'self'
cdnjs.cloudflare.com upgrade-insecure-requests; default-src 'unsafe-eval' 'self' *.carbonads.com *.getclicky.com fonts.gstatic.com www.google-analytics.com fonts.googleapis.com cdnjs.cloudflare.com 'unsafe-inline' https: data: ;report-uri https://cdnjs.report-uri.io/r/default/hpkp/enforce
cdnjs.cloudflare.com upgrade-insecure-requests; default-src 'unsafe-eval' 'self' *.carbonads.com *.getclicky.com fonts.gstatic.com www.google-analytics.com fonts.googleapis.com cdnjs.cloudflare.com 'unsafe-inline' https: data: ;report-uri https://cdnjs.report-uri.io/r/default/hpkp/enforce
webcookies.org script-src https://webcookies-20c4.kxcdn.com https://cdnjs.cloudflare.com https://maxcdn.bootstrapcdn.com https://pagead2.googlesyndication.com https://connect.facebook.net https://*.google.com https://*.twitter.com https://*.linkedin.com https://webcookies.disqus.com https://*.disquscdn.com 'unsafe-inline' 'self'; style-src https://maxcdn.bootstrapcdn.com https://webcookies-20c4.kxcdn.com https://fonts.googleapis.com https://*.disquscdn.com https://cdnjs.cloudflare.com 'unsafe-inline'; frame-ancestors 'none'; default-src 'none'; frame-src https://*.google.com https://*.facebook.com https://*.twitter.com https://*.doubleclick.net https://platform.linkedin.com https://disqus.com; object-src https://pagead2.googlesyndication.com; upgrade-insecure-requests ; img-src https://webcookies-20c4.kxcdn.com https://*.facebook.com https://*.twitter.com https://pagead2.googlesyndication.com https://*.disquscdn.com https://*.paypal.com https://online.swagger.io https://static.licdn.com https://*.gstatic.com https://www.linkedin.com https://referrer.disqus.com 'self'; media-src 'none'; child-src 'none'; referrer unsafe-url; reflected-xss block; connect-src https://pagead2.googlesyndication.com https://links.services.disqus.com 'self'; font-src https://maxcdn.bootstrapcdn.com https://webcookies-20c4.kxcdn.com https://fonts.googleapis.com https://fonts.gstatic.com; form-action 'self' https://*.paypal.com; report-uri /csp/report/;
paypal.com default-src 'self' https://*.paypal.com https://*.paypalobjects.com https://nexus.ensighten.com 'unsafe-inline'; frame-src 'self' https://*.brighttalk.com https://*.paypal.com https://*.paypalobjects.com https://www.youtube.com/embed/ https://www.paypal-donations.com https://www.paypal-donations.co.uk https://*.qa.missionfish.org https://www.youtube-nocookie.com https://www.xoom.com https://*.pub.247-inc.net/; script-src 'self' https://*.brighttalk.com https://*.paypal.com https://*.paypalobjects.com https://www.youtube.com/iframe_api https://s.ytimg.com/yts/jsbin/ https://*.t.eloqua.com https://img.en25.com/i/elqCfg.min.js https://nexus.ensighten.com/ 'unsafe-inline' 'unsafe-eval'; connect-src 'self' https://*.paypal.com https://*.paypalobjects.com https://*.salesforce.com https://*.force.com https://*.eloqua.com https://nexus.ensighten.com https://storelocator.api.where.com https://api.paypal-retaillocator.com https://nominatim.openstreetmap.org https://www.paypal-biz.com; img-src 'self' * data:; object-src 'self' https://*.paypal.com https://*.paypalobjects.com; font-src 'self' https://*.paypalobjects.com;
www.brico.be frame-ancestors 'self' cmsv2.zebrix.net
www.brico.be frame-ancestors 'self' cmsv2.zebrix.net
www.ccv.nl default-src 'self'; script-src 'self' data: https://www.gstatic.com ajax.googleapis.com *.googletagmanager.com *.ytimg.com *.google.com *.google-analytics.com *.youtube.com static.doubleclick.net s7.addthis.com m.addthis.com platform.twitter.com connect.facebook.net c.getscenario.com bat.bing.com https://static.hotjar.com https://script.hotjar.com 'unsafe-inline' 'unsafe-eval'; object-src 'self' *.youtube.com *.ytimg.com 'unsafe-inline'; style-src 'self' fonts.googleapis.com *.ytimg.com 'unsafe-inline'; img-src 'self' data: https://*.ccv.nl https://ccv.eu https://*.ccv.eu https://www.google.com https://www.google.nl https://www.google-analytics.com https://stats.g.doubleclick.net https://www.facebook.com https://syndication.twitter.com https://www.thuiswinkel.org https://bat.r.msn.com https://bat.bing.com; media-src 'self' *.youtube.com *.ytimg.com 'unsafe-inline'; frame-src 'self' https://e.ccv.nl https://*.ccv.ch www.google.com *.youtube.com *.ytimg.com s7.addthis.com platform.twitter.com https://www.facebook.com staticxx.facebook.com player.vimeo.com https://vars.hotjar.com 'unsafe-inline'; child-src 'self' https://e.ccv.nl https://*.ccv.ch www.google.com *.youtube.com *.ytimg.com s7.addthis.com platform.twitter.com https://www.facebook.com staticxx.facebook.com player.vimeo.com https://vars.hotjar.com 'unsafe-inline'; font-src 'self' fonts.googleapis.com fonts.gstatic.com; connect-src 'self' https://www.google-analytics.com s7.addthis.com m.addthis.com *://*.hotjar.com:* hotjar.com *.hotjar.com *://*.hotjar.com https://postcode-api.apiwise.nl; report-uri /report-csp-violation
www.ccv.nl default-src 'self'; script-src 'self' data: https://www.gstatic.com ajax.googleapis.com *.googletagmanager.com *.ytimg.com *.google.com *.google-analytics.com *.youtube.com static.doubleclick.net s7.addthis.com m.addthis.com platform.twitter.com connect.facebook.net c.getscenario.com bat.bing.com https://static.hotjar.com https://script.hotjar.com 'unsafe-inline' 'unsafe-eval'; object-src 'self' *.youtube.com *.ytimg.com 'unsafe-inline'; style-src 'self' fonts.googleapis.com *.ytimg.com 'unsafe-inline'; img-src 'self' data: https://*.ccv.nl https://ccv.eu https://*.ccv.eu https://www.google.com https://www.google.nl https://www.google-analytics.com https://stats.g.doubleclick.net https://www.facebook.com https://syndication.twitter.com https://www.thuiswinkel.org https://bat.r.msn.com https://bat.bing.com; media-src 'self' *.youtube.com *.ytimg.com 'unsafe-inline'; frame-src 'self' https://e.ccv.nl https://*.ccv.ch www.google.com *.youtube.com *.ytimg.com s7.addthis.com platform.twitter.com https://www.facebook.com staticxx.facebook.com player.vimeo.com https://vars.hotjar.com 'unsafe-inline'; child-src 'self' https://e.ccv.nl https://*.ccv.ch www.google.com *.youtube.com *.ytimg.com s7.addthis.com platform.twitter.com https://www.facebook.com staticxx.facebook.com player.vimeo.com https://vars.hotjar.com 'unsafe-inline'; font-src 'self' fonts.googleapis.com fonts.gstatic.com; connect-src 'self' https://www.google-analytics.com s7.addthis.com m.addthis.com *://*.hotjar.com:* hotjar.com *.hotjar.com *://*.hotjar.com https://postcode-api.apiwise.nl; report-uri /report-csp-violation
koti.op-lab.fi connect-src 'self' https://www.google-analytics.com https://insights.hotjar.com; default-src 'self'; font-src 'self' https://fonts.googleapis.com https://fonts.gstatic.com; frame-src 'self' https://vars.hotjar.com; img-src 'self' https://browser-update.org https://csi.gstatic.com data: https://www.facebook.com https://www.google-analytics.com https://maps.googleapis.com https://maps.gstatic.com; script-src 'self' 'unsafe-inline' https://browser-update.org https://cdn.jsdelivr.net https://connect.facebook.net https://www.google-analytics.com https://www.googletagmanager.com https://maps.googleapis.com https://script.hotjar.com https://static.hotjar.com https://track.adform.net; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; report-uri /csp-violation
paypal.com default-src 'self' https://*.paypal.com https://*.paypalobjects.com https://nexus.ensighten.com 'unsafe-inline'; frame-src 'self' https://*.brighttalk.com https://*.paypal.com https://*.paypalobjects.com https://www.youtube.com/embed/ https://www.paypal-donations.com https://www.paypal-donations.co.uk https://*.qa.missionfish.org https://www.youtube-nocookie.com https://www.xoom.com https://*.pub.247-inc.net/; script-src 'self' https://*.brighttalk.com https://*.paypal.com https://*.paypalobjects.com https://www.youtube.com/iframe_api https://s.ytimg.com/yts/jsbin/ https://*.t.eloqua.com https://img.en25.com/i/elqCfg.min.js https://nexus.ensighten.com/ 'unsafe-inline' 'unsafe-eval'; connect-src 'self' https://*.paypal.com https://*.paypalobjects.com https://*.salesforce.com https://*.force.com https://*.eloqua.com https://nexus.ensighten.com https://storelocator.api.where.com https://api.paypal-retaillocator.com https://nominatim.openstreetmap.org https://www.paypal-biz.com; img-src 'self' * data:; object-src 'self' https://*.paypal.com https://*.paypalobjects.com; font-src 'self' https://*.paypalobjects.com;
www.nalufloats.com block-all-mixed-content; upgrade-insecure-requests; report-uri /csp-report?source%5Baction%5D=index&source%5Bapp%5D=Shopify&source%5Bcontroller%5D=storefront_section%2Fshop&source%5Bsection%5D=storefront&source%5Buuid%5D=fd06c6da-baa9-4b43-953f-9f2f6c9d4daa
www.nalufloats.com block-all-mixed-content; upgrade-insecure-requests; report-uri /csp-report?source%5Baction%5D=index&source%5Bapp%5D=Shopify&source%5Bcontroller%5D=storefront_section%2Fshop&source%5Bsection%5D=storefront&source%5Buuid%5D=613a7ab9-e449-45da-bf7c-ca32b6f8ab7a
6035110.va.cobrowse.liveperson.net frame-ancestors 'self' https://*.lprnd.net:* http://*.lprnd.net:* https://*.liveperson.net http://*.liveperson.net https://*.synchronite.de http://*.synchronite.de; default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:; font-src 'self'; media-src 'self'; style-src 'self' 'unsafe-inline'; frame-src 'self'; child-src 'self'; connect-src va.cobrowse.liveperson.net *.va.cobrowse.liveperson.net wss://*.va.cobrowse.liveperson.net;
shop.mrkate.com block-all-mixed-content; upgrade-insecure-requests; report-uri /csp-report?source%5Baction%5D=index&source%5Bapp%5D=Shopify&source%5Bcontroller%5D=storefront_section%2Fshop&source%5Bsection%5D=storefront&source%5Buuid%5D=b5f2116e-ec12-4ee1-9718-de888873dd94
scotthelme.report-uri.io default-src 'self'; script-src 'self' https://ajax.googleapis.com https://maxcdn.bootstrapcdn.com https://js-agent.newrelic.com https://bam.nr-data.net https://cdnjs.cloudflare.com https://www.google-analytics.com https://platform.twitter.com https://cdn.datatables.net; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdnjs.cloudflare.com https://maxcdn.bootstrapcdn.com; img-src 'self' data: https://www.google-analytics.com https://secure.gravatar.com https://cdnjs.cloudflare.com https://i1.wp.com https://www.gravatar.com; font-src 'self' https://fonts.googleapis.com https://fonts.gstatic.com https://cdnjs.cloudflare.com https://maxcdn.bootstrapcdn.com; connect-src 'self'; frame-ancestors 'none'; form-action 'self'; block-all-mixed-content; reflected-xss block; base-uri https://report-uri.io; referrer origin-when-cross-origin; report-uri https://scotthelme.report-uri.io/r/default/csp/enforce
49775471.va.cobrowse.liveperson.net frame-ancestors 'self' https://*.lprnd.net:* http://*.lprnd.net:* https://*.liveperson.net http://*.liveperson.net https://*.synchronite.de http://*.synchronite.de; default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:; font-src 'self'; media-src 'self'; style-src 'self' 'unsafe-inline'; frame-src 'self'; child-src 'self'; connect-src va.cobrowse.liveperson.net *.va.cobrowse.liveperson.net wss://*.va.cobrowse.liveperson.net;
9467814.lo.cobrowse.liveperson.net frame-ancestors 'self' https://*.lprnd.net:* http://*.lprnd.net:* https://*.liveperson.net http://*.liveperson.net https://*.synchronite.de http://*.synchronite.de; default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:; font-src 'self'; media-src 'self'; style-src 'self' 'unsafe-inline'; frame-src 'self'; child-src 'self'; connect-src lo.cobrowse.liveperson.net *.lo.cobrowse.liveperson.net wss://*.lo.cobrowse.liveperson.net;
shop.mrkate.com block-all-mixed-content; upgrade-insecure-requests; report-uri /csp-report?source%5Baction%5D=show&source%5Bapp%5D=Shopify&source%5Bcontroller%5D=storefront_section%2Fcart&source%5Bsection%5D=storefront&source%5Buuid%5D=7d97eed6-b2c1-4e6f-8d5b-e74f88bcd50b
www.forbes.com upgrade-insecure-requests
Page 1 of 108