Content-Security-Policy Analysis for https://api.nutrient.io

Open Cached · just now

13 directives

Content-Security-Policy

Content-Security-Policy: base-uri 'self' dashboard.nutrient.io dashboard.pspdfkit.com; connect-src 'self' https://www.nutrient.io dashboard.nutrient.io dashboard.pspdfkit.com *.sentry.io https://*.googletagmanager.com https://gtm.nutrient.io https://*.google-analytics.com https://*.analytics.google.com https://*.g.doubleclick.net https://*.google.com https://adservice.google.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://consentcdn.cookiebot.com https://consent.cookiebot.com https://*.lottiefiles.com https://lottie.host https://api.kapa.ai https://metrics.kapa.ai https://kapa-widget-proxy-la7dkmplpq-uc.a.run.app https://www.google.com https://pa.nutrient.io https://cta-eu1.hubspot.com https://analytics.ahrefs.com https://c.6sc.co https://ipv6.6sc.co https://epsilon.6sense.com https://px.ads.linkedin.com https://tracking-api.g2.com https://bat.bing.com; default-src 'self' dashboard.nutrient.io dashboard.pspdfkit.com; font-src 'self' blob: data: dashboard.nutrient.io dashboard.pspdfkit.com https://fonts.gstatic.com https://script.hotjar.com; frame-ancestors 'self' dashboard.nutrient.io dashboard.pspdfkit.com; frame-src 'self' https://www.youtube.com/ dashboard.nutrient.io dashboard.pspdfkit.com https://*.googletagmanager.com https://gtm.nutrient.io https://www.google.com https://vars.hotjar.com https://consentcdn.cookiebot.com https://cta-eu1.hubspot.com https://*.paddle.com; img-src 'self' blob: data: https: dashboard.nutrient.io dashboard.pspdfkit.com https://px.ads.linkedin.com; media-src 'self' blob: data: dashboard.nutrient.io dashboard.pspdfkit.com; object-src dashboard.nutrient.io dashboard.pspdfkit.com; report-to csp-endpoint; report-uri https://o15437.ingest.sentry.io/api/5775608/security/?sentry_key=093630cf40114d8abf8b27a65aa00809&sentry_environment=production; script-src * 'unsafe-inline' 'unsafe-eval' blob: https://*.googletagmanager.com https://gtm.nutrient.io https://*.google-analytics.com https://*.googleadservices.com https://static.hotjar.com https://script.hotjar.com https://widget.kapa.ai https://www.google.com https://www.gstatic.com https://pa.nutrient.io https://cta-eu1.hubspot.com; style-src 'self' dashboard.nutrient.io dashboard.pspdfkit.com https://static.hotjar.com https://script.hotjar.com 'unsafe-inline' https://fonts.googleapis.com https://*.paddle.com;

base-uri Keyword —

'self'

base-uri Host —

dashboard.nutrient.io

base-uri Host —

dashboard.pspdfkit.com

connect-src Keyword —

'self'

connect-src Host —

https://www.nutrient.io

ASN | Cloudflare

connect-src Host —

dashboard.nutrient.io

connect-src Host —

dashboard.pspdfkit.com

connect-src Host

Sentry

*.sentry.io

ASN | Google Cloud

connect-src Host

Google Tag Manager

https://*.googletagmanager.com

connect-src Host —

https://gtm.nutrient.io

ASN | Cloudflare

connect-src Host

Google Analytics

https://*.google-analytics.com

connect-src Host

Google Analytics

https://*.analytics.google.com

connect-src Host

Google DoubleClick

https://*.g.doubleclick.net

connect-src Host —

https://*.google.com

connect-src Host

Google Conversion Tracking

https://adservice.google.com

connect-src Host

Hotjar

https://*.hotjar.com

connect-src Host

Hotjar

https://*.hotjar.io

connect-src Host

Hotjar

wss://*.hotjar.com

connect-src Host

Cookiebot

https://consentcdn.cookiebot.com

connect-src Host

Cookiebot

https://consent.cookiebot.com

connect-src Host

Lottie Player

https://*.lottiefiles.com

ASN | Cloudflare

connect-src Host

Lottie Player

https://lottie.host

connect-src Host

Kapa AI

https://api.kapa.ai

ASN | Google Cloud

connect-src Host

Kapa AI

https://metrics.kapa.ai

connect-src Host Google Cloud Run

https://kapa-widget-proxy-la7dkmplpq-uc.a.run.app

ASN | Google Cloud

connect-src Host

Google Search

https://www.google.com

connect-src Host —

https://pa.nutrient.io

ASN | Cloudflare

connect-src Host

HubSpot

https://cta-eu1.hubspot.com

ASN | Cloudflare

connect-src Host

Ahrefs

https://analytics.ahrefs.com

ASN | Cloudflare

connect-src Host 6sense

https://c.6sc.co

connect-src Host 6sense

https://ipv6.6sc.co

connect-src Host 6sense

https://epsilon.6sense.com

connect-src Host

LinkedIn

https://px.ads.linkedin.com

ASN | Microsoft

connect-src Host G2

https://tracking-api.g2.com

ASN | Cloudflare

connect-src Host Microsoft Advertising

https://bat.bing.com

ASN | Microsoft

default-src Keyword —

'self'

default-src Host —

dashboard.nutrient.io

default-src Host —

dashboard.pspdfkit.com

font-src Keyword —

'self'

font-src Scheme —

blob:

font-src Scheme —

data:

font-src Host —

dashboard.nutrient.io

font-src Host —

dashboard.pspdfkit.com

font-src Host

Google Fonts

https://fonts.gstatic.com

font-src Host

Hotjar

https://script.hotjar.com

frame-ancestors Keyword —

'self'

frame-ancestors Host —

dashboard.nutrient.io

frame-ancestors Host —

dashboard.pspdfkit.com

frame-src Keyword —

'self'

frame-src Host

YouTube

https://www.youtube.com/

frame-src Host —

dashboard.nutrient.io

frame-src Host —

dashboard.pspdfkit.com

frame-src Host

Google Tag Manager

https://*.googletagmanager.com

frame-src Host —

https://gtm.nutrient.io

ASN | Cloudflare

frame-src Host

Google Search

https://www.google.com

frame-src Host

Hotjar

https://vars.hotjar.com

frame-src Host

Cookiebot

https://consentcdn.cookiebot.com

frame-src Host

HubSpot

https://cta-eu1.hubspot.com

ASN | Cloudflare

frame-src Host

Paddle

https://*.paddle.com

img-src Keyword —

'self'

img-src Scheme —

blob:

img-src Scheme —

data:

img-src Scheme —

https:

img-src Host —

dashboard.nutrient.io

img-src Host —

dashboard.pspdfkit.com

img-src Host

LinkedIn

https://px.ads.linkedin.com

ASN | Microsoft

media-src Keyword —

'self'

media-src Scheme —

blob:

media-src Scheme —

data:

media-src Host —

dashboard.nutrient.io

media-src Host —

dashboard.pspdfkit.com

object-src Host —

dashboard.nutrient.io

object-src Host —

dashboard.pspdfkit.com

report-to Host —

csp-endpoint

report-uri Host

Sentry

https://o15437.ingest.sentry.io/api/5775608/security/?sentry_key=093630cf40114d8abf8b27a65aa00809&sentry_environment=production

ASN | Google Cloud

script-src Host —

*

script-src Keyword —

'unsafe-inline'

script-src Keyword —

'unsafe-eval'

script-src Scheme —

blob:

script-src Host

Google Tag Manager

https://*.googletagmanager.com

script-src Host —

https://gtm.nutrient.io

ASN | Cloudflare

script-src Host

Google Analytics

https://*.google-analytics.com

script-src Host

Google Conversion Tracking

https://*.googleadservices.com

script-src Host

Hotjar

https://static.hotjar.com

script-src Host

Hotjar

https://script.hotjar.com

script-src Host

Kapa AI

https://widget.kapa.ai

ASN | Google Cloud

script-src Host

Google Search

https://www.google.com

script-src Host

Google Static File Front End

https://www.gstatic.com

script-src Host —

https://pa.nutrient.io

ASN | Cloudflare

script-src Host

HubSpot

https://cta-eu1.hubspot.com

ASN | Cloudflare

style-src Keyword —

'self'

style-src Host —

dashboard.nutrient.io

style-src Host —

dashboard.pspdfkit.com

style-src Host

Hotjar

https://static.hotjar.com

style-src Host

Hotjar

https://script.hotjar.com

style-src Keyword —

'unsafe-inline'

style-src Host

Google Fonts

https://fonts.googleapis.com

style-src Host

Paddle

https://*.paddle.com

Content-Security-Policy-Report-Only

No report-only CSP headers found.