Content-Security-Policy Analysis for https://amsoil.com

Open Cached · just now

4 directives

Content-Security-Policy

Content-Security-Policy: script-src 'self' 'unsafe-inline' 'unsafe-eval' *.amsoil.com *.amsoil.ca *.amsoilindustrial.com https://amsoilcontent.com https://www.amsoilcontent.com https://cdn.evgnet.com *.evergage.com https://amsoil.us-1.evergage.com https://analytics.amsoil.com https://analytics.amsoil.ca https://analytics.amsoilindustrial.com https://static.cloud.coveo.com https://www.google-analytics.com https://maps.googleapis.com https://assets.sitescdn.net https://realtimeanalytics.yext.com https://cdnjs.cloudflare.com/ *.doubleclick.net https://snap.licdn.com https://bat.bing.com *.microsoft.com *.facebook.net *.facebook.com *.criteo.com *.criteo.net https://www.googletagmanager.com *.linkedin.com *.google.com https://www.googleoptimize.com *.hotjar.com *.bc0a.com *.brightedge.com cdn.b0e8.com device.clearsale.com.br https://www.paypalobjects.com *.paypal.com https://www.gstatic.com https://www.googleadservices.com *.wistia.com *.wistia.net https://az124611.vo.msecnd.net https://cookie-cdn.cookiepro.com https://cdn-us.clickdimensions.com cdn.attn.tv *.attentivemobile.com *.googlesyndication.com *.powerobjects.net *.zoominfo.com *.convertlanguage.com *.docusign.com https://challenges.cloudflare.com https://*.optimizely.com https://optimizely.s3.amazonaws.com https://cdn-assets-prod.s3.amazonaws.com https://api.ipify.org https://appleid.cdn-apple.com https://*.trustarc.com https://cdn.cookielaw.org https://geolocation.onetrust.com *.niceincontact.com *.mountain.com https://*.qualtrics.com https://*.siteintercept.qualtrics.com https://*.amazon-adsystem.com https://browser.sentry-cdn.com blob:; frame-src 'self' *.amsoil.com *.amsoil.ca https://amsoilcontent.com *.hotjar.com *.criteo.com *.criteo.net *.docusign.net *.docusign.com *.facebook.com *.google.com *.paypal.com *.doubleclick.net *.powerobjects.net *.googlesyndication.com *.wistia.com *.wistia.net creatives.attn.tv https://challenges.cloudflare.com https://a25683390326.cdn.optimizely.com https://a25683390326.cdn-pci.optimizely.com *.niceincontact.com https://*.trustarc.com https://*.qualtrics.com https://*.siteintercept.qualtrics.com https://www.googletagmanager.com https://cdn.cookielaw.org; frame-ancestors 'self' https://sapcc.amsoil.com; report-uri /csp-report

script-src Keyword — 'self'

script-src Keyword — 'unsafe-inline'

script-src Keyword — 'unsafe-eval'

script-src Host — *.amsoil.com

script-src Host — *.amsoil.ca

script-src Host — *.amsoilindustrial.com

script-src Host — https://amsoilcontent.com

script-src Host — https://www.amsoilcontent.com

script-src Host — https://cdn.evgnet.com

script-src Host Salesforce Personalization *.evergage.com

script-src Host Salesforce Personalization https://amsoil.us-1.evergage.com

script-src Host — https://analytics.amsoil.com

script-src Host — https://analytics.amsoil.ca

script-src Host — https://analytics.amsoilindustrial.com

script-src Host — https://static.cloud.coveo.com

script-src Host

Google Analytics https://www.google-analytics.com

script-src Host

Google Maps https://maps.googleapis.com

script-src Host — https://assets.sitescdn.net

script-src Host — https://realtimeanalytics.yext.com

script-src Host

Cloudflare CDNJS https://cdnjs.cloudflare.com/

script-src Host

Google DoubleClick *.doubleclick.net

script-src Host

LinkedIn https://snap.licdn.com

script-src Host Microsoft Advertising https://bat.bing.com

script-src Host — *.microsoft.com

script-src Host

Facebook *.facebook.net

script-src Host

Facebook *.facebook.com

script-src Host Criteo *.criteo.com

script-src Host Criteo *.criteo.net

script-src Host

Google Tag Manager https://www.googletagmanager.com

script-src Host

LinkedIn *.linkedin.com

script-src Host

Google Search *.google.com

script-src Host

Google Optimize https://www.googleoptimize.com

script-src Host

Hotjar *.hotjar.com

script-src Host — *.bc0a.com

script-src Host — *.brightedge.com

script-src Host — cdn.b0e8.com

script-src Host — device.clearsale.com.br

script-src Host

PayPal https://www.paypalobjects.com

script-src Host

PayPal *.paypal.com

script-src Host

Google Static File Front End https://www.gstatic.com

script-src Host

Google Conversion Tracking https://www.googleadservices.com

script-src Host

Wistia *.wistia.com

script-src Host

Wistia *.wistia.net

script-src Host

Microsoft Azure https://az124611.vo.msecnd.net

script-src Host

OneTrust https://cookie-cdn.cookiepro.com

script-src Host — https://cdn-us.clickdimensions.com

script-src Host — cdn.attn.tv

script-src Host — *.attentivemobile.com

script-src Host

Google AdSense *.googlesyndication.com

script-src Host — *.powerobjects.net

script-src Host

ZoomInfo *.zoominfo.com

script-src Host — *.convertlanguage.com

script-src Host

DocuSign *.docusign.com

script-src Host

Cloudflare Turnstile https://challenges.cloudflare.com

script-src Host

Optimizely https://*.optimizely.com

script-src Host

Amazon S3 https://optimizely.s3.amazonaws.com

script-src Host

Amazon S3 https://cdn-assets-prod.s3.amazonaws.com

script-src Host ipify https://api.ipify.org

script-src Host

Apple ID https://appleid.cdn-apple.com

script-src Host

TrustArc https://*.trustarc.com

script-src Host

OneTrust https://cdn.cookielaw.org

script-src Host

OneTrust https://geolocation.onetrust.com

script-src Host — *.niceincontact.com

script-src Host MNTN *.mountain.com

script-src Host Qualtrics https://*.qualtrics.com

script-src Host Qualtrics https://*.siteintercept.qualtrics.com

script-src Host — https://*.amazon-adsystem.com

script-src Host

Sentry https://browser.sentry-cdn.com

script-src Scheme — blob:

frame-src Keyword — 'self'

frame-src Host — *.amsoil.com

frame-src Host — *.amsoil.ca

frame-src Host — https://amsoilcontent.com

frame-src Host

Hotjar *.hotjar.com

frame-src Host Criteo *.criteo.com

frame-src Host Criteo *.criteo.net

frame-src Host

DocuSign *.docusign.net

frame-src Host

DocuSign *.docusign.com

frame-src Host

Facebook *.facebook.com

frame-src Host

Google Search *.google.com

frame-src Host

PayPal *.paypal.com

frame-src Host

Google DoubleClick *.doubleclick.net

frame-src Host — *.powerobjects.net

frame-src Host

Google AdSense *.googlesyndication.com

frame-src Host

Wistia *.wistia.com

frame-src Host

Wistia *.wistia.net

frame-src Host — creatives.attn.tv

frame-src Host

Cloudflare Turnstile https://challenges.cloudflare.com

frame-src Host

Optimizely https://a25683390326.cdn.optimizely.com

frame-src Host

Optimizely https://a25683390326.cdn-pci.optimizely.com

frame-src Host — *.niceincontact.com

frame-src Host

TrustArc https://*.trustarc.com

frame-src Host Qualtrics https://*.qualtrics.com

frame-src Host Qualtrics https://*.siteintercept.qualtrics.com

frame-src Host

Google Tag Manager https://www.googletagmanager.com

frame-src Host

OneTrust https://cdn.cookielaw.org

frame-ancestors Keyword — 'self'

frame-ancestors Host — https://sapcc.amsoil.com

report-uri Host — /csp-report

Content-Security-Policy-Report-Only

No report-only CSP headers found.