Content-Security-Policy Analysis for https://analytics.farmerjoe.com

Open Cached · just now

10 directives

Content-Security-Policy

Content-Security-Policy: font-src *; script-src 'self' https://maps.google.com https://accounts.google.com    'sha256-9uFLu5CG8mWlvx0LK6lgendCxUX57TuWk3wkgZpBeWU=' 'sha256-isH538cVBUY8IMlGYGbWtBwr+cGqkc4mN6nLcA7lUjE=' 'sha256-3N2Z+Nu++/yNMVHIl863JigVmt2Nr9gt2doEMJT2Wzk='; style-src 'self' 'nonce-NZvWvoO9AO'   https://accounts.google.com; manifest-src 'self'; connect-src 'self' https://accounts.google.com metabase.us10.list-manage.com   ; img-src * 'self' data:; frame-src youtube.com *.youtube.com youtu.be *.youtu.be loom.com *.loom.com vimeo.com *.vimeo.com docs.google.com calendar.google.com airtable.com *.airtable.com typeform.com *.typeform.com canva.com *.canva.com codepen.io *.codepen.io figma.com *.figma.com grafana.com *.grafana.com miro.com *.miro.com excalidraw.com *.excalidraw.com notion.com *.notion.com atlassian.com *.atlassian.com trello.com *.trello.com asana.com *.asana.com gist.github.com linkedin.com *.linkedin.com twitter.com *.twitter.com x.com *.x.com; default-src 'none'; child-src 'self' https://accounts.google.com;  frame-ancestors 'none';

font-src Host —

*

script-src Keyword —

'self'

script-src Host

Google Maps

https://maps.google.com

script-src Host

Google Sign-In

https://accounts.google.com

script-src Hash —

'sha256-9uFLu5CG8mWlvx0LK6lgendCxUX57TuWk3wkgZpBeWU='

script-src Hash —

'sha256-isH538cVBUY8IMlGYGbWtBwr+cGqkc4mN6nLcA7lUjE='

script-src Hash —

'sha256-3N2Z+Nu++/yNMVHIl863JigVmt2Nr9gt2doEMJT2Wzk='

style-src Keyword —

'self'

style-src Nonce —

'nonce-NZvWvoO9AO'

style-src Host

Google Sign-In

https://accounts.google.com

manifest-src Keyword —

'self'

connect-src Keyword —

'self'

connect-src Host

Google Sign-In

https://accounts.google.com

connect-src Host

Mailchimp

metabase.us10.list-manage.com

img-src Host —

*

img-src Keyword —

'self'

img-src Scheme —

data:

frame-src Host

YouTube

youtube.com

frame-src Host

YouTube

*.youtube.com

frame-src Host

YouTube

youtu.be

frame-src Host

YouTube

*.youtu.be

frame-src Host

Loom

loom.com

frame-src Host

Loom

*.loom.com

frame-src Host

Vimeo

vimeo.com

ASN | Cloudflare

frame-src Host

Vimeo

*.vimeo.com

ASN | Cloudflare

frame-src Host

G Workspace

docs.google.com

frame-src Host

G Workspace

calendar.google.com

frame-src Host

Airtable

airtable.com

frame-src Host

Airtable

*.airtable.com

frame-src Host

Typeform

typeform.com

frame-src Host

Typeform

*.typeform.com

frame-src Host —

canva.com

frame-src Host —

*.canva.com

frame-src Host —

codepen.io

ASN | Cloudflare

frame-src Host —

*.codepen.io

ASN | Cloudflare

frame-src Host

Figma

figma.com

frame-src Host

Figma

*.figma.com

frame-src Host

Grafana

grafana.com

ASN | Google Cloud

frame-src Host

Grafana

*.grafana.com

ASN | Google Cloud

frame-src Host

Miro

miro.com

frame-src Host

Miro

*.miro.com

frame-src Host —

excalidraw.com

frame-src Host —

*.excalidraw.com

frame-src Host —

notion.com

ASN | NOTION-WEB - Notion Labs

frame-src Host —

*.notion.com

ASN | NOTION-WEB - Notion Labs

frame-src Host —

atlassian.com

frame-src Host —

*.atlassian.com

frame-src Host —

trello.com

frame-src Host —

*.trello.com

frame-src Host

Asana

asana.com

frame-src Host

Asana

*.asana.com

frame-src Host

GitHub

gist.github.com

frame-src Host

LinkedIn

linkedin.com

ASN | Microsoft

frame-src Host

LinkedIn

*.linkedin.com

ASN | Microsoft

frame-src Host

Twitter

twitter.com

ASN | Cloudflare

frame-src Host

Twitter

*.twitter.com

ASN | Cloudflare

frame-src Host

Twitter

x.com

ASN | Cloudflare

frame-src Host

Twitter

*.x.com

ASN | Cloudflare

default-src Keyword —

'none'

child-src Keyword —

'self'

child-src Host

Google Sign-In

https://accounts.google.com

frame-ancestors Keyword —

'none'

Content-Security-Policy-Report-Only

No report-only CSP headers found.