Content-Security-Policy Analysis for https://ala.org

Open Cached · just now

9 directives

Content-Security-Policy

Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' zingtree.com *.zingtree.com ajax.googleapis.com livehelpnow.net *.livehelpnow.net developer.livehelpnow.net cdn.polyfill.io www.googletagmanager.com www.google-analytics.com unpkg.com youtube.com *.youtube.com cdnjs.cloudflare.com cdn.jsdelivr.net fulview.io *.fulview.io www.gstatic.com clarity.ms *.clarity.ms static.addtoany.com *.google.com *.google *.googleadservices.com; style-src 'self' 'unsafe-inline' zingtree.com *.zingtree.com fontawesome.com *.fontawesome.com fonts.googleapis.com fonts.gstatic.com cdn.jsdelivr.net livehelpnow.net *.livehelpnow.net unpkg.com cdnjs.cloudflare.com use.typekit.net p.typekit.net *.google.com; img-src 'self' data: livehelpnow.net *.livehelpnow.net www.google-analytics.com www.googletagmanager.com cdn.jsdelivr.net clarity.ms *.clarity.ms www.ala.org  live-alaorg.pantheonsite.io *.googleusercontent.com *.google.com *.gstatic.com *.google *.goog; media-src 'self' developer.livehelpnow.net fulview.io *.fulview.io; frame-src 'self' static.addtoany.com youtube.com *.youtube.com airtable.com *.airtable.com embed.wakelet.com *.google.com www.swissarmylibrarian.net  *.goog *.google; font-src 'self' data: fonts.gstatic.com use.typekit.net p.typekit.net fontawesome.com *.fontawesome.com;; connect-src 'self' cdn.jsdelivr.net *.google; report-uri /report-csp-violation

default-src Keyword —

'self'

script-src Keyword —

'self'

script-src Keyword —

'unsafe-inline'

script-src Keyword —

'unsafe-eval'

script-src Host —

zingtree.com

ASN | Cloudflare

script-src Host —

*.zingtree.com

ASN | Cloudflare

script-src Host

Google Hosted Libraries

ajax.googleapis.com

script-src Host —

livehelpnow.net

ASN | Cloudflare

script-src Host —

*.livehelpnow.net

ASN | Cloudflare

script-src Host —

developer.livehelpnow.net

ASN | Cloudflare

script-src Host —

cdn.polyfill.io

script-src Host

Google Tag Manager

www.googletagmanager.com

script-src Host

Google Analytics

www.google-analytics.com

script-src Host

unpkg

unpkg.com

ASN | Cloudflare

script-src Host

YouTube

youtube.com

script-src Host

YouTube

*.youtube.com

script-src Host

Cloudflare CDNJS

cdnjs.cloudflare.com

ASN | Cloudflare

script-src Host

jsDelivr

cdn.jsdelivr.net

ASN | Cloudflare

script-src Host —

fulview.io

script-src Host —

*.fulview.io

script-src Host

Google Static File Front End

www.gstatic.com

script-src Host Microsoft Clarity

clarity.ms

ASN | Microsoft

script-src Host Microsoft Clarity

*.clarity.ms

ASN | Microsoft

script-src Host

AddToAny

static.addtoany.com

ASN | Cloudflare

script-src Host

Google Search

*.google.com

script-src Host —

*.google

script-src Host

Google Conversion Tracking

*.googleadservices.com

style-src Keyword —

'self'

style-src Keyword —

'unsafe-inline'

style-src Host —

zingtree.com

ASN | Cloudflare

style-src Host —

*.zingtree.com

ASN | Cloudflare

style-src Host

Font Awesome

fontawesome.com

ASN | Cloudflare

style-src Host

Font Awesome

*.fontawesome.com

ASN | Cloudflare

style-src Host

Google Fonts

fonts.googleapis.com

style-src Host

Google Fonts

fonts.gstatic.com

style-src Host

jsDelivr

cdn.jsdelivr.net

ASN | Cloudflare

style-src Host —

livehelpnow.net

ASN | Cloudflare

style-src Host —

*.livehelpnow.net

ASN | Cloudflare

style-src Host

unpkg

unpkg.com

ASN | Cloudflare

style-src Host

Cloudflare CDNJS

cdnjs.cloudflare.com

ASN | Cloudflare

style-src Host

Adobe Fonts (Typekit)

use.typekit.net

style-src Host

Adobe Fonts (Typekit)

p.typekit.net

style-src Host

Google Search

*.google.com

img-src Keyword —

'self'

img-src Scheme —

data:

img-src Host —

livehelpnow.net

ASN | Cloudflare

img-src Host —

*.livehelpnow.net

ASN | Cloudflare

img-src Host

Google Analytics

www.google-analytics.com

img-src Host

Google Tag Manager

www.googletagmanager.com

img-src Host

jsDelivr

cdn.jsdelivr.net

ASN | Cloudflare

img-src Host Microsoft Clarity

clarity.ms

ASN | Microsoft

img-src Host Microsoft Clarity

*.clarity.ms

ASN | Microsoft

img-src Host —

www.ala.org

img-src Host

Pantheon

live-alaorg.pantheonsite.io

img-src Host

Google Cloud Storage

*.googleusercontent.com

img-src Host

Google Search

*.google.com

img-src Host

Google Static File Front End

*.gstatic.com

img-src Host —

*.google

img-src Host —

*.goog

media-src Keyword —

'self'

media-src Host —

developer.livehelpnow.net

ASN | Cloudflare

media-src Host —

fulview.io

media-src Host —

*.fulview.io

frame-src Keyword —

'self'

frame-src Host

AddToAny

static.addtoany.com

ASN | Cloudflare

frame-src Host

YouTube

youtube.com

frame-src Host

YouTube

*.youtube.com

frame-src Host

Airtable

airtable.com

frame-src Host

Airtable

*.airtable.com

frame-src Host —

embed.wakelet.com

frame-src Host

Google Search

*.google.com

frame-src Host —

www.swissarmylibrarian.net

ASN | Cloudflare

frame-src Host —

*.goog

frame-src Host —

*.google

font-src Keyword —

'self'

font-src Scheme —

data:

font-src Host

Google Fonts

fonts.gstatic.com

font-src Host

Adobe Fonts (Typekit)

use.typekit.net

font-src Host

Adobe Fonts (Typekit)

p.typekit.net

font-src Host

Font Awesome

fontawesome.com

ASN | Cloudflare

font-src Host

Font Awesome

*.fontawesome.com

ASN | Cloudflare

connect-src Keyword —

'self'

connect-src Host

jsDelivr

cdn.jsdelivr.net

ASN | Cloudflare

connect-src Host —

*.google

report-uri Host —

/report-csp-violation

Content-Security-Policy-Report-Only

No report-only CSP headers found.