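<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8">
<title>CSP Data for aramex.com</title>
<!-- Third-party stylesheet pinned with Subresource Integrity: the browser discards the file if its digest does not match the integrity value, and crossorigin="anonymous" is what makes that check possible for a cross-origin fetch. -->
<link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/css/bootstrap.min.css"
integrity="sha384-Gn5384xqQ1aoWXA+058RXPxPg6fy4IWvTNh0E263XmFcJlSAwiGgFAW/dAiS6JXm"
crossorigin="anonymous">
<style>
/* Cells are top-aligned so the short flag values line up with the first line of the long policy text in the same row. */
.table td, .table th {
padding: .75rem;
vertical-align: top;
border-top: 1px solid #dee2e6;
text-align: inherit;
}
/* Every value is rendered in a pre element; let long policy strings wrap inside the column instead of overflowing it. */
pre {
margin: 0px;
white-space: pre-wrap; /* css-3 */
white-space: -moz-pre-wrap; /* Mozilla, since 1999 */
white-space: -pre-wrap; /* Opera 4-6 */
white-space: -o-pre-wrap; /* Opera 7 */
word-wrap: break-word; /* Internet Explorer 5.5+ */
}
/* abbr is used here only to carry a tooltip (the title attribute holds the detail behind each value), so its usual underline and help cursor are switched off. */
abbr[title] {
border-bottom: none !important;
cursor: inherit !important;
text-decoration: none !important;
}
</style>
</head>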
<body>
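<!-- The heading links out to the analysed site in a new tab. rel="noopener noreferrer" keeps that tab from reaching this report through window.opener and from receiving a Referer header. The http:// target is kept exactly as recorded. -->
<h1 style="margin: 12px;">CSP Data for: <a href="http://aramex.com" target="_blank" rel="noopener noreferrer">aramex.com</a></h1>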
<table class="table table-hover">
<thead>
<!--
Column guide. Each body row is one time frame during which the same normalized policy was observed for the site.
The visible cell is a flag or a count; the detail behind it sits in the title attribute of the abbr in that cell.
* Framing Control, TLS Enforce, Content Control: the purposes the policy serves. NOTE(review): presumably derived from
  frame-ancestors, from upgrade-insecure-requests or block-all-mixed-content, and from the fetch directives respectively;
  the page does not define them, so confirm against the generator.
* Third JS Parties: count of third-party domains, listed in the tooltip. The listed domains match the hosts in script-src.
* 'unsafe-inline': True when 'unsafe-inline' is present without hashes or nonces, per the tooltip text.
* http / https / * and data: whole schemes or data URIs allowed. These flags appear to look at script-src only: the last
  row reports False for whole schemes although connect-src, font-src and img-src still carry https:, http: or *.
* Diffs: number of source expressions added (+) or removed (-) compared with the previous row, grouped by directive in the tooltip.
* Normalized Policy: the policy text with directive names in bold.
-->
<tr>
<th scope="col" style="min-width: 1em; max-width: 1em;">#</th>
<th scope="col" style="min-width: 8em; max-width: 8em;">Time Frame</th>
<th scope="col" style="min-width: 5em; max-width: 5em;">Framing Control</th>
<th scope="col" style="min-width: 6em; max-width: 6em;">TLS Enforce</th>
<th scope="col" style="min-width: 6em; max-width: 6em;">Content Control</th>
<th scope="col" style="min-width: 6em; max-width: 6em;">Third JS Parties</th>
<th scope="col" style="min-width: 6em; max-width: 6em;">'unsafe-inline'</th>
<th scope="col" style="min-width: 6em; max-width: 6em;">http / https / *</th>
<th scope="col" style="min-width: 6em; max-width: 6em;">data:</th>
<th scope="col" style="min-width: 4em; max-width: 4em;">Diffs</th>
<!-- NOTE(review): this header asks for 95em while every body cell in the column sets 20em; the two widths conflict, confirm which one is intended. -->
<th scope="col" style="min-width: 95em; max-width: 95em;">Normalized Policy</th>
</tr>
</thead>
<tbody>
<tr>
<!-- Row 0, first observed policy. script-src combines the https: scheme source with 'unsafe-inline' and 'unsafe-eval', so inline script, eval-style code and script from any HTTPS host are all allowed: the policy restricts content in form but does little to contain script injection. No frame-ancestors directive is present, which is consistent with Framing Control = False; framing would have to be restricted by another header, which this page does not show. 'unsafe-inline' under form-action has no effect, since that keyword is only meaningful for script and style directives. -->
<td><pre>0</pre></td>
<td><abbr title="Time Frame"><pre>2017-03-09 - 2017-03-12</pre></abbr></td>
<td><abbr title="Is Framing Control?"><pre>False</pre></abbr></td>
<td><abbr title="Is TLS Enforcement?"><pre>False</pre></abbr></td>
<td><abbr title="Is Content Restriction?"><pre>True</pre></abbr></td>
<td><abbr title="googletagmanager.com
googleapis.com
here.com"><pre>3</pre></abbr></td>
<td><abbr title="Has 'unsafe-inline' without hashes/nonces"><pre>True</pre></abbr></td>
<td><abbr title="Has whitelisted whole schemata"><pre>True</pre></abbr></td>
<td><abbr title="Has whitelisted data URIs"><pre>False</pre></abbr></td>
<td><abbr title=""><pre>0</pre></abbr></td>
<td style="min-width: 20em; max-width: 20em;"><abbr title="Normalized CSP"><pre><b>connect-src</b> 'self' https:; <b>default-src</b> 'self'; <b>font-src</b> 'self' data: fonts.gstatic.com https:; <b>form-action</b> 'self' 'unsafe-inline'; <b>frame-src</b> 'self' charts3.equitystory.com s7.addthis.com www.youtube.com; <b>img-src</b> data: *; <b>script-src</b> ajax.googleapis.com https: 'self' www.googletagmanager.com js.cit.api.here.com 'unsafe-inline' 'unsafe-eval'; <b>style-src</b> 'self' fonts.googleapis.com js.cit.api.here.com 'unsafe-inline'; </pre></abbr></td>
</tr>
<tr>
<!-- Row 1. The only change is one more frame-src host (irpages2.equitystory.com). script-src is the same as in row 0, so the scheme-wide https: source, 'unsafe-inline' and 'unsafe-eval' still apply. -->
<td><pre>1</pre></td>
<td><abbr title="Time Frame"><pre>2017-03-13 - 2017-05-19</pre></abbr></td>
<td><abbr title="Is Framing Control?"><pre>False</pre></abbr></td>
<td><abbr title="Is TLS Enforcement?"><pre>False</pre></abbr></td>
<td><abbr title="Is Content Restriction?"><pre>True</pre></abbr></td>
<td><abbr title="googletagmanager.com
googleapis.com
here.com"><pre>3</pre></abbr></td>
<td><abbr title="Has 'unsafe-inline' without hashes/nonces"><pre>True</pre></abbr></td>
<td><abbr title="Has whitelisted whole schemata"><pre>True</pre></abbr></td>
<td><abbr title="Has whitelisted data URIs"><pre>False</pre></abbr></td>
<td><abbr title="frame-src
+ irpages2.equitystory.com"><pre>1</pre></abbr></td>
<td style="min-width: 20em; max-width: 20em;"><abbr title="Normalized CSP"><pre><b>connect-src</b> 'self' https:; <b>default-src</b> 'self'; <b>font-src</b> 'self' data: fonts.gstatic.com https:; <b>form-action</b> 'self' 'unsafe-inline'; <b>frame-src</b> www.youtube.com 'self' charts3.equitystory.com s7.addthis.com irpages2.equitystory.com; <b>img-src</b> data: *; <b>script-src</b> ajax.googleapis.com https: 'self' www.googletagmanager.com js.cit.api.here.com 'unsafe-inline' 'unsafe-eval'; <b>style-src</b> 'self' fonts.googleapis.com js.cit.api.here.com 'unsafe-inline'; </pre></abbr></td>
</tr>
<tr>
<!-- Row 2. Five source expressions are added: two frame-src hosts and three style-src hosts. script-src is untouched, so the Third JS Parties count stays at 3 and the script-related flags do not move. style-src keeps 'unsafe-inline', so the new style hosts widen an allowlist that already permits inline styles. -->
<td><pre>2</pre></td>
<td><abbr title="Time Frame"><pre>2017-05-20 - 2017-08-29</pre></abbr></td>
<td><abbr title="Is Framing Control?"><pre>False</pre></abbr></td>
<td><abbr title="Is TLS Enforcement?"><pre>False</pre></abbr></td>
<td><abbr title="Is Content Restriction?"><pre>True</pre></abbr></td>
<td><abbr title="googletagmanager.com
googleapis.com
here.com"><pre>3</pre></abbr></td>
<td><abbr title="Has 'unsafe-inline' without hashes/nonces"><pre>True</pre></abbr></td>
<td><abbr title="Has whitelisted whole schemata"><pre>True</pre></abbr></td>
<td><abbr title="Has whitelisted data URIs"><pre>False</pre></abbr></td>
<td><abbr title="frame-src
+ aramex.api.sociaplus.com
+ api.sociaplus.com
style-src
+ aramex.api.sociaplus.com
+ js.api.here.com
+ tagmanager.google.com"><pre>5</pre></abbr></td>
<td style="min-width: 20em; max-width: 20em;"><abbr title="Normalized CSP"><pre><b>connect-src</b> 'self' https:; <b>default-src</b> 'self'; <b>font-src</b> 'self' data: fonts.gstatic.com https:; <b>form-action</b> 'self' 'unsafe-inline'; <b>frame-src</b> aramex.api.sociaplus.com www.youtube.com api.sociaplus.com 'self' charts3.equitystory.com s7.addthis.com irpages2.equitystory.com; <b>img-src</b> data: *; <b>script-src</b> ajax.googleapis.com https: 'self' www.googletagmanager.com js.cit.api.here.com 'unsafe-inline' 'unsafe-eval'; <b>style-src</b> aramex.api.sociaplus.com fonts.googleapis.com 'self' js.cit.api.here.com 'unsafe-inline' js.api.here.com tagmanager.google.com; </pre></abbr></td>
</tr>
<tr>
<!-- Row 3. default-src gains dotcomaramexprod.blob.core.windows.net. default-src is the fallback for every fetch directive the policy does not set itself (object-src and media-src, for example, are not set here), so that storage host becomes trusted for all of those resource types at once. The other additions are two frame-src hosts and one style-src host; script-src is unchanged. -->
<td><pre>3</pre></td>
<td><abbr title="Time Frame"><pre>2017-08-30 - 2017-11-05</pre></abbr></td>
<td><abbr title="Is Framing Control?"><pre>False</pre></abbr></td>
<td><abbr title="Is TLS Enforcement?"><pre>False</pre></abbr></td>
<td><abbr title="Is Content Restriction?"><pre>True</pre></abbr></td>
<td><abbr title="googletagmanager.com
googleapis.com
here.com"><pre>3</pre></abbr></td>
<td><abbr title="Has 'unsafe-inline' without hashes/nonces"><pre>True</pre></abbr></td>
<td><abbr title="Has whitelisted whole schemata"><pre>True</pre></abbr></td>
<td><abbr title="Has whitelisted data URIs"><pre>False</pre></abbr></td>
<td><abbr title="default-src
+ dotcomaramexprod.blob.core.windows.net
frame-src
+ qas4.equitystory.com
+ charts25.equitystory.com
style-src
+ www.gstatic.com"><pre>4</pre></abbr></td>
<td style="min-width: 20em; max-width: 20em;"><abbr title="Normalized CSP"><pre><b>connect-src</b> 'self' https:; <b>default-src</b> 'self' dotcomaramexprod.blob.core.windows.net; <b>font-src</b> 'self' data: fonts.gstatic.com https:; <b>form-action</b> 'self' 'unsafe-inline'; <b>frame-src</b> aramex.api.sociaplus.com www.youtube.com charts25.equitystory.com api.sociaplus.com 'self' qas4.equitystory.com charts3.equitystory.com s7.addthis.com irpages2.equitystory.com; <b>img-src</b> data: *; <b>script-src</b> ajax.googleapis.com https: 'self' www.googletagmanager.com js.cit.api.here.com 'unsafe-inline' 'unsafe-eval'; <b>style-src</b> aramex.api.sociaplus.com fonts.googleapis.com 'self' www.gstatic.com js.cit.api.here.com 'unsafe-inline' js.api.here.com tagmanager.google.com; </pre></abbr></td>
</tr>
<tr>
<!-- Row 4. connect-src now lists http: next to https:, so script-initiated connections are allowed to any host over cleartext HTTP as well; TLS Enforce stays False. script-src adds cdnjs.cloudflare.com and www.google-analytics.com, taking Third JS Parties from 3 to 5. Allowlisting a public CDN by host trusts every file that host serves, not just the library the site loads; a path-restricted source, a hash or a nonce would narrow that. -->
<td><pre>4</pre></td>
<td><abbr title="Time Frame"><pre>2017-11-06 - 2018-02-18</pre></abbr></td>
<td><abbr title="Is Framing Control?"><pre>False</pre></abbr></td>
<td><abbr title="Is TLS Enforcement?"><pre>False</pre></abbr></td>
<td><abbr title="Is Content Restriction?"><pre>True</pre></abbr></td>
<td><abbr title="cloudflare.com
googleapis.com
here.com
googletagmanager.com
google-analytics.com"><pre>5</pre></abbr></td>
<td><abbr title="Has 'unsafe-inline' without hashes/nonces"><pre>True</pre></abbr></td>
<td><abbr title="Has whitelisted whole schemata"><pre>True</pre></abbr></td>
<td><abbr title="Has whitelisted data URIs"><pre>False</pre></abbr></td>
<td><abbr title="connect-src
+ http:
frame-src
+ aramex-fior.typeform.com
style-src
+ cdnjs.cloudflare.com
script-src
+ cdnjs.cloudflare.com
+ www.google-analytics.com"><pre>5</pre></abbr></td>
<td style="min-width: 20em; max-width: 20em;"><abbr title="Normalized CSP"><pre><b>connect-src</b> 'self' https: http:; <b>default-src</b> 'self' dotcomaramexprod.blob.core.windows.net; <b>font-src</b> 'self' data: fonts.gstatic.com https:; <b>form-action</b> 'self' 'unsafe-inline'; <b>frame-src</b> aramex.api.sociaplus.com www.youtube.com charts25.equitystory.com api.sociaplus.com aramex-fior.typeform.com 'self' qas4.equitystory.com charts3.equitystory.com s7.addthis.com irpages2.equitystory.com; <b>img-src</b> data: *; <b>script-src</b> ajax.googleapis.com https: 'self' cdnjs.cloudflare.com www.googletagmanager.com js.cit.api.here.com 'unsafe-inline' 'unsafe-eval' www.google-analytics.com; <b>style-src</b> aramex.api.sociaplus.com fonts.googleapis.com 'self' cdnjs.cloudflare.com js.cit.api.here.com www.gstatic.com 'unsafe-inline' js.api.here.com tagmanager.google.com; </pre></abbr></td>
</tr>
<tr>
<!-- Row 5, last observed policy. script-src drops the scheme-wide https: source and ajax.googleapis.com and names three hosts instead, which is why the whole-schemata flag turns False and googleapis.com leaves the third-party list. The tightening is partial: 'unsafe-inline' and 'unsafe-eval' remain in script-src, and connect-src, font-src and img-src still carry https:, http: or *. NOTE(review): this time frame starts on 2018-02-27 while the previous row ends on 2018-02-18; the page does not explain the gap, presumably no observation exists for those days. -->
<td><pre>5</pre></td>
<td><abbr title="Time Frame"><pre>2018-02-27 - END</pre></abbr></td>
<td><abbr title="Is Framing Control?"><pre>False</pre></abbr></td>
<td><abbr title="Is TLS Enforcement?"><pre>False</pre></abbr></td>
<td><abbr title="Is Content Restriction?"><pre>True</pre></abbr></td>
<td><abbr title="sociaplus.com
cloudflare.com
jquery.com
here.com
googletagmanager.com
google-analytics.com"><pre>6</pre></abbr></td>
<td><abbr title="Has 'unsafe-inline' without hashes/nonces"><pre>True</pre></abbr></td>
<td><abbr title="Has whitelisted whole schemata"><pre>False</pre></abbr></td>
<td><abbr title="Has whitelisted data URIs"><pre>False</pre></abbr></td>
<td><abbr title="script-src
- ajax.googleapis.com
- https:
+ aramex.api.sociaplus.com
+ https://code.jquery.com
+ api.sociaplus.com"><pre>5</pre></abbr></td>
<td style="min-width: 20em; max-width: 20em;"><abbr title="Normalized CSP"><pre><b>connect-src</b> 'self' https: http:; <b>default-src</b> 'self' dotcomaramexprod.blob.core.windows.net; <b>font-src</b> 'self' data: fonts.gstatic.com https:; <b>form-action</b> 'self' 'unsafe-inline'; <b>frame-src</b> aramex.api.sociaplus.com www.youtube.com charts25.equitystory.com api.sociaplus.com aramex-fior.typeform.com 'self' qas4.equitystory.com charts3.equitystory.com s7.addthis.com irpages2.equitystory.com; <b>img-src</b> data: *; <b>script-src</b> aramex.api.sociaplus.com api.sociaplus.com 'self' https://code.jquery.com www.googletagmanager.com cdnjs.cloudflare.com 'unsafe-inline' 'unsafe-eval' js.cit.api.here.com www.google-analytics.com; <b>style-src</b> aramex.api.sociaplus.com fonts.googleapis.com 'self' cdnjs.cloudflare.com js.cit.api.here.com www.gstatic.com 'unsafe-inline' js.api.here.com tagmanager.google.com; </pre></abbr></td>
</tr>
</tbody></table></body></html>