Skip to content

Instantly share code, notes, and snippets.

@mnot mnot/csp violations
Last active Jan 14, 2016

Embed
What would you like to do?
One day's worth of CSP violations injected by toolbars and various other *ware
129 times:
<safari-extension://com.evernote.safari.clipper-q79wdw8yh9>
96 times:
<safari-extension://com.ideashower.pocket.safari-et279a6r5n>
88 times:
<>
34 times:
<about>
18 times:
<webviewprogressproxy://>
13 times:
<https://o.yieldsquare.com>
9 times:
<http://fonts.gstatic.com>
<safari-extension://com.solfyre-id.sid-lite-safari-44v7eryqa5>
<http://compare.buyhatke.com>
8 times:
<https://fonts.gstatic.com>
6 times:
<mx://res/reader-mode/reader.html>
<https://icontent.us>
5 times:
<https://d389zggrogs7qo.cloudfront.net>
4 times:
<https://d3ijcis4e2ziok.cloudfront.net>
<https://dl.metabar.ru>
<https://bufferapp.com>
<http://fontface.ninja>
3 times:
<https://www.instapaper.com>
<mbinit://>
<https://www.superfish.com>
2 times:
<https://pf-cdn.printfriendly.com>
<https://api.jollywallet.com>
safari-extension://com.avast.wrc-6h4hrtu5e3>
safari-extension://com.wotservicesoy.wot-ff6ww26hl3>
<https://5k9v3bc1-enehfzfv.netdna-ssl.com>
<https://4x3zy4ql-l8bu4n1j.netdna-ssl.com>
safari-extension://com.betteradvertising.ghostery-hpy23a294x>
<http://themes.googleusercontent.com>
https://css.zohostatic.com>
<http://10.129.1.211:15871>
1 times:
<safari-extension://com.add0n.dictionary-2c3w8rz8nd>
<https://apps.2gis.ru>
<http://restapi.dictionary.com>
<https://ads.panoramtech.net>
<https://nikkomsgchannel>
<https://cdn.viglink.com>
<mxaddon-pkg>
<https://www.google-analytics.com>
<https://i_sbitinjs_info.tlscdn.com>
<http://50.116.62.47>
<safari-extension://com.interclue.ultimatestatusbar-725998gksy>
<chrome-extension://>
<https://inst.shoppingate.info>
<https://mc.yandex.ru>
<http://vivafiliates.com.br>
<asset>
<https://translate.google.com>
<https://gateway.zscalertwo.net>
<https://www.best-deals-products.com>
@rudiedirkx

This comment has been minimized.

Copy link

commented Mar 17, 2015

Interesting! I had a bunch from fonts.googleapis.com and fonts.gstatic.com and encrypted-tbn2.gstatic.com and other dubious google sites. CSP-Reporting-Only is cool.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.