Content-Security-Policy Analysis for https://admin.metrofile.com

Open Cached · just now

13 directives

Content-Security-Policy

Content-Security-Policy: default-src 'self' https://*.wistia.com https://*.wistia.net; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://fonts.gstatic.com https://*.wistia.com https://*.typekit.net blob:; font-src 'self' https://fonts.gstatic.com https://fonts.gstatic.com https://*.wistia.com https://*.typekit.net data:; script-src 'self' 'strict-dynamic' 'nonce-e1bd6ef3a43af845e7651e1817506661' https://www.googletagmanager.com https://*.wistia.com https://js.sentry-cdn.com; connect-src 'self' https://*.wistia.com https://*.wistia.net https://pipedream.wistia.com http://pipedream.wistia.com https://*.googleapis.com https://*.wizer-training.com https://*.test.wizer-training.com https://*.algolia.net https://*.ingest.sentry.io https://*.hubspot.com https://api.hsforms.com https://www.google-analytics.com https://*.litix.io https://sentry.io https://api.getrewardful.com https://*.google-analytics.com wss://ws.hotjar.com https://*.hotjar.io https://fast.appcues.com https://unleash.prodapps.wizerapps.net https://static.hsappstatic.net https://*.sentry.io https://browser.sentry-cdn.com; img-src 'self' https: blob: data:; media-src 'self' blob: data: https://*.wistia.net https://*.wistia.com https://storage.googleapis.com https://storage.wizer-training.com; frame-src https://fast.wistia.com https://fast.wistia.net https://js.stripe.com https://wizer-development.firebaseapp.com https://wizer-production.firebaseapp.com https://*.wizer-training.com; worker-src 'self' blob:; frame-ancestors 'none'; form-action 'self'; report-uri https://o206439.ingest.us.sentry.io/api/1325349/security/?sentry_key=5146e35cece64a0c8bc8f7de69a48a2c; report-to csp-endpoint

default-src Keyword —

'self'

default-src Host

Wistia

https://*.wistia.com

default-src Host

Wistia

https://*.wistia.net

style-src Keyword —

'self'

style-src Keyword —

'unsafe-inline'

style-src Host

Google Fonts

https://fonts.googleapis.com

style-src Host

Google Fonts

https://fonts.gstatic.com

style-src Host

Wistia

https://*.wistia.com

style-src Host

Adobe Fonts (Typekit)

https://*.typekit.net

style-src Scheme —

blob:

font-src Keyword —

'self'

font-src Host

Google Fonts

https://fonts.gstatic.com

font-src Host

Google Fonts

https://fonts.gstatic.com

font-src Host

Wistia

https://*.wistia.com

font-src Host

Adobe Fonts (Typekit)

https://*.typekit.net

font-src Scheme —

data:

script-src Keyword —

'self'

script-src Keyword —

'strict-dynamic'

script-src Nonce —

'nonce-e1bd6ef3a43af845e7651e1817506661'

script-src Host

Google Tag Manager

https://www.googletagmanager.com

script-src Host

Wistia

https://*.wistia.com

script-src Host

Sentry

https://js.sentry-cdn.com

connect-src Keyword —

'self'

connect-src Host

Wistia

https://*.wistia.com

connect-src Host

Wistia

https://*.wistia.net

connect-src Host

Wistia

https://pipedream.wistia.com

connect-src Host

Wistia

http://pipedream.wistia.com

connect-src Host

Google API JS Client

https://*.googleapis.com

connect-src Host —

https://*.wizer-training.com

ASN | Google Cloud

connect-src Host —

https://*.test.wizer-training.com

connect-src Host

Algolia

https://*.algolia.net

ASN | LEASEWEB-APAC-SIN-11 LEASEWEB SINGAPORE PTE. LTD.

connect-src Host

Sentry

https://*.ingest.sentry.io

connect-src Host

HubSpot

https://*.hubspot.com

ASN | Cloudflare

connect-src Host

HubSpot Forms

https://api.hsforms.com

ASN | Cloudflare

connect-src Host

Google Analytics

https://www.google-analytics.com

connect-src Host —

https://*.litix.io

connect-src Host

Sentry

https://sentry.io

ASN | Google Cloud

connect-src Host —

https://api.getrewardful.com

ASN | Cloudflare

connect-src Host

Google Analytics

https://*.google-analytics.com

connect-src Host

Hotjar

wss://ws.hotjar.com

connect-src Host

Hotjar

https://*.hotjar.io

connect-src Host —

https://fast.appcues.com

connect-src Host —

https://unleash.prodapps.wizerapps.net

ASN | Google Cloud

connect-src Host

HubSpot

https://static.hsappstatic.net

ASN | Cloudflare

connect-src Host

Sentry

https://*.sentry.io

ASN | Google Cloud

connect-src Host

Sentry

https://browser.sentry-cdn.com

img-src Keyword —

'self'

img-src Scheme —

https:

img-src Scheme —

blob:

img-src Scheme —

data:

media-src Keyword —

'self'

media-src Scheme —

blob:

media-src Scheme —

data:

media-src Host

Wistia

https://*.wistia.net

media-src Host

Wistia

https://*.wistia.com

media-src Host

Google Cloud Storage

https://storage.googleapis.com

media-src Host —

https://storage.wizer-training.com

ASN | Google Cloud

frame-src Host

Wistia

https://fast.wistia.com

frame-src Host

Wistia

https://fast.wistia.net

frame-src Host

Stripe

https://js.stripe.com

frame-src Host

Firebase

https://wizer-development.firebaseapp.com

frame-src Host

Firebase

https://wizer-production.firebaseapp.com

frame-src Host —

https://*.wizer-training.com

ASN | Google Cloud

worker-src Keyword —

'self'

worker-src Scheme —

blob:

frame-ancestors Keyword —

'none'

form-action Keyword —

'self'

report-uri Host

Sentry

https://o206439.ingest.us.sentry.io/api/1325349/security/?sentry_key=5146e35cece64a0c8bc8f7de69a48a2c

ASN | Google Cloud

report-to Host —

csp-endpoint

Content-Security-Policy-Report-Only

No report-only CSP headers found.