Content-Security-Policy Analysis for https://app.knak.com

Open Cached · just now

4 directives

Content-Security-Policy

Content-Security-Policy: style-src 'self' 'unsafe-inline' https://maxcdn.bootstrapcdn.com/bootstrap/ https://fonts.googleapis.com/ https://cdn.tiny.cloud/ https://assets.knak.io/ https://client-data.knak.io/ https://testing.client-data.knak.io/ https://client-data.testing.knak.io/ https://client-data.preprod.knak.io/ https://cloud.typography.com/ https://fonts.google.com/ https://p.typekit.net/ https://s3.amazonaws.com/assets.knak.io/ https://s3.amazonaws.com/client-data.knak.io/ https://storage.googleapis.com/ https://use.typekit.net/ https://*.marketo.com/ https://cdn.jsdelivr.net/npm/[email protected]/swiper-bundle.min.css https://d8ejoa1fys2rk.cloudfront.net/ https://cdn.knak.io/; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/libs/jquery/ https://cdnjs.cloudflare.com/ajax/libs/x-editable/ https://cdnjs.cloudflare.com/ajax/libs/jqueryui/ https://cdnjs.cloudflare.com/ajax/libs/rollbar.js/ https://assets.knak.io/ https://kit.fontawesome.com/ https://www.googletagmanager.com/ https://www.google-analytics.com/ https://static.hotjar.com/ https://script.hotjar.com/ https://widget.intercom.io/ https://js.intercomcdn.com/ https://canny.io/sdk.js https://cdn.jsdelivr.net/algoliasearch/ https://www.datadoghq-browser-agent.com https://js.sentry-cdn.com/ https://browser.sentry-cdn.com/ https://use.typekit.net/ https://cdn.jsdelivr.net/npm/[email protected]/bundles/redoc.standalone.js https://stats.pusher.com/ https://cdn.tiny.cloud/ https://maxcdn.bootstrapcdn.com/bootstrap/ https://*.marketo.com/ https://*.adobe.com/ https://cdn.jsdelivr.net/npm/[email protected]/swiper-bundle.min.js https://ucv.bynder.com/5.0.5/modules/compactview/bynder-compactview-3-latest.js https://ucv.bynder.com/5.0.5/modules/compactview/bynder-compactview-5-latest.js https://cdn.knak.io/; worker-src 'self' blob:; frame-ancestors 'self' https://enterprise.knak.io;

style-src Keyword —

'self'

style-src Keyword —

'unsafe-inline'

style-src Host

BootstrapCDN

https://maxcdn.bootstrapcdn.com/bootstrap/

ASN | Cloudflare

style-src Host

Google Fonts

https://fonts.googleapis.com/

style-src Host —

https://cdn.tiny.cloud/

style-src Host —

https://assets.knak.io/

style-src Host —

https://client-data.knak.io/

style-src Host —

https://testing.client-data.knak.io/

style-src Host —

https://client-data.testing.knak.io/

style-src Host —

https://client-data.preprod.knak.io/

style-src Host —

https://cloud.typography.com/

style-src Host

Google Fonts

https://fonts.google.com/

style-src Host

Adobe Fonts (Typekit)

https://p.typekit.net/

style-src Host

Amazon S3

https://s3.amazonaws.com/assets.knak.io/

style-src Host

Amazon S3

https://s3.amazonaws.com/client-data.knak.io/

style-src Host

Google Cloud Storage

https://storage.googleapis.com/

style-src Host

Adobe Fonts (Typekit)

https://use.typekit.net/

style-src Host

Adobe Marketo

https://*.marketo.com/

ASN | Cloudflare

style-src Host

jsDelivr

https://cdn.jsdelivr.net/npm/[email protected]/swiper-bundle.min.css

style-src Host

AWS CloudFront

https://d8ejoa1fys2rk.cloudfront.net/

style-src Host —

https://cdn.knak.io/

script-src Keyword —

'self'

script-src Keyword —

'unsafe-eval'

script-src Keyword —

'unsafe-inline'

script-src Host

Google Hosted Libraries

https://ajax.googleapis.com/ajax/libs/jquery/

script-src Host

Cloudflare CDNJS

https://cdnjs.cloudflare.com/ajax/libs/x-editable/

ASN | Cloudflare

script-src Host

Cloudflare CDNJS

https://cdnjs.cloudflare.com/ajax/libs/jqueryui/

ASN | Cloudflare

script-src Host

Cloudflare CDNJS

https://cdnjs.cloudflare.com/ajax/libs/rollbar.js/

ASN | Cloudflare

script-src Host —

https://assets.knak.io/

script-src Host

Font Awesome

https://kit.fontawesome.com/

ASN | Cloudflare

script-src Host

Google Tag Manager

https://www.googletagmanager.com/

script-src Host

Google Analytics

https://www.google-analytics.com/

script-src Host

Hotjar

https://static.hotjar.com/

script-src Host

Hotjar

https://script.hotjar.com/

script-src Host

Intercom

https://widget.intercom.io/

script-src Host

Intercom

https://js.intercomcdn.com/

script-src Host

Canny

https://canny.io/sdk.js

script-src Host

jsDelivr

https://cdn.jsdelivr.net/algoliasearch/

script-src Host

Datadog

https://www.datadoghq-browser-agent.com

script-src Host

Sentry

https://js.sentry-cdn.com/

script-src Host

Sentry

https://browser.sentry-cdn.com/

script-src Host

Adobe Fonts (Typekit)

https://use.typekit.net/

script-src Host

jsDelivr

https://cdn.jsdelivr.net/npm/[email protected]/bundles/redoc.standalone.js

script-src Host

Pusher

https://stats.pusher.com/

script-src Host —

https://cdn.tiny.cloud/

script-src Host

BootstrapCDN

https://maxcdn.bootstrapcdn.com/bootstrap/

ASN | Cloudflare

script-src Host

Adobe Marketo

https://*.marketo.com/

ASN | Cloudflare

script-src Host —

https://*.adobe.com/

script-src Host

jsDelivr

https://cdn.jsdelivr.net/npm/[email protected]/swiper-bundle.min.js

script-src Host

Bynder

https://ucv.bynder.com/5.0.5/modules/compactview/bynder-compactview-3-latest.js

script-src Host

Bynder

https://ucv.bynder.com/5.0.5/modules/compactview/bynder-compactview-5-latest.js

script-src Host —

https://cdn.knak.io/

worker-src Keyword —

'self'

worker-src Scheme —

blob:

frame-ancestors Keyword —

'self'

frame-ancestors Host —

https://enterprise.knak.io

Content-Security-Policy-Report-Only

No report-only CSP headers found.