Open
Cached
·
just now
12
directives
Content-Security-Policy
Content-Security-Policy: default-src sprig.com *.sprig.com *.userleap.com 'self' 'unsafe-inline'; script-src *.sprig.com *.userleap.com 'unsafe-inline' https://cdn.WebRTC-Experiment.com https://cdnjs.cloudflare.com/ajax/libs/videojs-record/4.5.0/videojs.record.js https://cdnjs.cloudflare.com/ajax/libs/webrtc-adapter/8.0.0/adapter.min.js https://storage.googleapis.com https://www.google-analytics.com https://*.figma.com https://*.mux.com https://unpkg.com https://sentry.io https://cdn.heapanalytics.com https://cdn.segment.com https://api.segment.io https://app.launchdarkly.com https://*.hubspot.com https://*.logs.datadoghq.com https://js.hs-analytics.net https://js.hs-scripts.com https://js.hscollectedforms.net https://js.hs-banner.com https://js.usemessages.com https://js-na1.hs-scripts.com https://rum-http-intake.logs.datadoghq.com https://documentcloud.adobe.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/; connect-src *.sprig.com *.userleap.com blob: https://*.figma.com https://*.mux.com https://cdn.segment.com https://api.segment.io https://sentry.io https://*.sentry.io https://events.launchdarkly.com https://app.launchdarkly.com https://*.hubspot.com https://rum-http-intake.logs.datadoghq.com https://www.google-analytics.com https://storage.googleapis.com https://*.adobe.io https://www.google.com/recaptcha/; img-src *.sprig.com *.userleap.com 'self' data: https://*.hubspot.com https://heapanalytics.com https://www.google-analytics.com https://*.mux.com; style-src *.sprig.com *.userleap.com 'unsafe-inline' https://unpkg.com https://cdnjs.cloudflare.com; worker-src blob:; font-src *.sprig.com *.userleap.com 'self' data:; media-src blob: https://*.mux.com; frame-src *.sprig.com *.userleap.com https://*.figma.com https://*.hubspot.com https://documentcloud.adobe.com https://xd.adobe.com https://www.sketch.com https://*.invisionapp.com https://invis.io https://miro.com/app/ https://marvelapp.com/ https://*.axshare.com https://experts.webflow.com https://webflow.com https://www.justinmind.com https://docs.google.com https://cloud.protopie.io https://*.framer.app *.webflowtest.io https://www.lingoda.com/en/ https://drive.google.com https://1drv.ms https://*.onedrive.com https://*.sharepoint.com https://*.live.com https://*.svc.ms https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/; frame-ancestors sprig.com *.sprig.com *.userleap.com *.roku.com *.coinbase.com *.descript.com 'self'; form-action 'self'; upgrade-insecure-requests;
default-src
Keyword
—
'self'
default-src
Keyword
—
'unsafe-inline'
script-src
Keyword
—
'unsafe-inline'
connect-src
Scheme
—
blob:
img-src
Keyword
—
'self'
img-src
Scheme
—
data:
style-src
Keyword
—
'unsafe-inline'
worker-src
Scheme
—
blob:
font-src
Keyword
—
'self'
font-src
Scheme
—
data:
media-src
Scheme
—
blob:
frame-src
Host
—
frame-ancestors
Keyword
—
'self'
form-action
Keyword
—
'self'
upgrade-insecure-requests
Source
—
(no sources)
Content-Security-Policy-Report-Only
No report-only CSP headers found.