Evaluate fetch baseline [fail]! CSP does not define default-src; several fetch directives may have no restrictive fallback.INFOEvaluate fetch baselineINFOEvaluate resource loading fallback explicitFetchDirectives=[]FAILCompare fetch baseline actual="0 explicit fetch directives" expected="restricted default-src or broad explicit fetch coverage" issue="CSP does not define default-src; several fetch directives may have no restrictive fallback."FAILCSP does not define default-src; several fetch directives may have no restrictive fallback.Evaluate script execution [fail]! No script-src or default-src directive constrains script execution.INFOEvaluate script executionINFOInspect effective script directive FAILCompare script execution posture actual={"hasNonce":false,"hasHash":false,"hasStrictDynamic":false,"hasUnsafeInline":false,"hasUnsafeEval":false,"hasWildcardHost":false,"hasBroadScheme":false,"dangerousSchemes":[]} expected="constrained script sources without unsafe execution allowances" issue="No script-src or default-src directive constrains script execution."FAILNo script-src or default-src directive constrains script execution.Review hardening directives [warning]! CSP is missing recommended hardening directives: object-src, base-uri, form-action.INFOReview hardening directivesINFOInspect CSP hardening directives frameAncestors=["*.gallupatwork.com","*.gallupatwork.au","*.gallupatwork.sg","*.gallupatwork.uk","*.gallup.com"] formCount=1WARNCompare recommended hardening coverage actual=["object-src","base-uri","form-action"] expected="no missing object-src/base-uri/form-action requirements" issue="CSP is missing recommended hardening directives: object-src, base-uri, form-action."WARNCSP is missing recommended hardening directives: object-src, base-uri, form-action.Review CSP reporting [warning]! CSP does not define a reporting endpoint.INFOReview CSP reportingINFOInspect CSP reporting directives reportOnlyHeaderPresent=false reportOnlyDirectives=[]WARNCompare violation reporting configuration actual="no reporting endpoint" expected="report-to or report-uri present" issue="CSP does not define a reporting endpoint."WARNCSP does not define a reporting endpoint.

Validate CSP frame-ancestors [fail]! frame-ancestors contains invalid source expressions: *.gallupatwork.com, *.gallupatwork.au, *.gallupatwork.sg, *.gallupatwork.uk, *.gallup.com.INFOValidate CSP frame-ancestorsINFORead CSP frame-ancestors signals enforcingHeaderPresent=true reportOnlyHeaderPresent=false metaFrameAncestors=false policyCount=1 duplicateDirectives=[]FAILCompare effective frame-ancestors directive actual={"values":["*.gallupatwork.com","*.gallupatwork.au","*.gallupatwork.sg","*.gallupatwork.uk","*.gallup.com"],"mode":"malformed","valid":false,"restrictive":false,"broadSources":[]} expected="valid restrictive enforcing frame-ancestors" issue="frame-ancestors contains invalid source expressions: *.gallupatwork.com, *.gallupatwork.au, *.gallupatwork.sg, *.gallupatwork.uk, *.gallup.com."FAILframe-ancestors contains invalid source expressions: *.gallupatwork.com, *.gallupatwork.au, *.gallupatwork.sg, *.gallupatwork.uk, *.gallup.com.Review CSP and XFO interaction [warning]! CSP frame-ancestors controls modern browser behavior, but the X-Frame-Options fallback is invalid or conflicting.INFOReview CSP and XFO interactionINFOCompare modern CSP and legacy XFO behavior modernBrowserMechanism="csp-frame-ancestors" cspOverridesXfo=true cspMode="malformed" xfoDirective="sameorigin"WARNCheck CSP/XFO policy alignment actual="aligned or single mechanism" expected="no conflicting framing policy" issue="CSP frame-ancestors controls modern browser behavior, but the X-Frame-Options fallback is invalid or conflicting."WARNCSP frame-ancestors controls modern browser behavior, but the X-Frame-Options fallback is invalid or conflicting.