Content-Security-Policy Analysis for https://app.onfleet.com

Open Cached · 9h ago

9 directives

Content-Security-Policy

Content-Security-Policy: default-src 'self'; worker-src blob: ; media-src *.stripe.com static.olark.com lp.onfleet.com; img-src *.visualwebsiteoptimizer.com onfleet.com *.linkedin.com *.stripe.com *.reddit.com *.facebook.com *.hubspot.com data: *.google.com *.google-analytics.com *.google.co.uk *.bing.com *.clarity.ms *.cloudfront.net *.hsforms.com *.cloudinary.com *.olark.com *.twitter.com cdn.jsdelivr.net *.jsdelivr.net; script-src-elem onfleet.com *.vector.co d-code.liadm.com *.usbrowserspeed.com *.ip-api.com *.jsdelivr.net *.stripe.com *.youtube-nocookie.com *.doubleclick.net *.listenlayer.com *.redditstatic.com *.youtube.com *.olark.com *.licdn.com cdn.sitesearch360.com *.google-analytics.com *.googletagmanager.com *.hs-scripts.com *.cloudfront.net *.googleapis.com *.hsadspixel.net *.hubspot.com *.hs-analytics.net *.hs-banner.com static.olark.com transcend-cdn.com script.crazyegg.com *.clarity.ms js.hsforms.net cdn.segment.com *.facebook.net dev.visualwebsiteoptimizer.com www.google.com www.gstatic.com js.usemessages.com 'unsafe-inline' https://unpkg.com/aos@next/dist/aos.js https://inorganik.github.io/countUp.js/dist/countUp.umd.js https://bat.bing.com/bat.js https://www.googletagmanager.com/; style-src onfleet.com *.googleapis.com *.cloudfront.net transcend-cdn.com static.olark.com cdn.jsdelivr.net *.jsdelivr.net 'unsafe-inline' https://unpkg.com/aos@next/dist/aos.css; font-src *.gstatic.com static.olark.com *.cloudfront.net data:; frame-src *.stripe.com *.rippling.com *.doubleclick.net *.youtube.com *.youtube-nocookie.com *.olark.com *.hsforms.com app.hubspot.com www.google.com www.gstatic.com; connect-src *.vector.co d-code.liadm.com *.usbrowserspeed.com *.ip-api.com *.linkedin.com *.stripe.com countly.onfleet.com onfleet.com *.onfleet.com  *.googlesyndication.com *.listenlayer.com *.reddit.com *.redditstatic.com *.sitesearch360.com *.hubapi.com *.olark.com *.hubspot.com *.s3.amazonaws.com onfleet.ghost.io *.hsforms.com api.segment.io telemetry.transcend.io *.clarity.ms cdn.segment.com transcend-cdn.com *.google-analytics.com *.doubleclick.net *.google.com publickeyservice.keys.adm-services.goog app.launchdarkly.com *.launchdarkly.com *.usemessages.com static.hsappstatic.net *.hsappstatic.net www.google.com www.gstatic.com

default-src Keyword —

'self'

worker-src Scheme —

blob:

media-src Host

Stripe

*.stripe.com

media-src Host —

static.olark.com

ASN | Cloudflare

media-src Host —

lp.onfleet.com

ASN | Cloudflare

img-src Host

Visual Website Optimizer

*.visualwebsiteoptimizer.com

ASN | Google Cloud

img-src Host —

onfleet.com

img-src Host

LinkedIn

*.linkedin.com

ASN | Microsoft

img-src Host

Stripe

*.stripe.com

img-src Host

Reddit

*.reddit.com

img-src Host

Facebook

*.facebook.com

img-src Host

HubSpot

*.hubspot.com

ASN | Cloudflare

img-src Scheme —

data:

img-src Host

Google Search

*.google.com

img-src Host

Google Analytics

*.google-analytics.com

img-src Host —

*.google.co.uk

img-src Host

Bing

*.bing.com

ASN | Microsoft

img-src Host

Microsoft Clarity

*.clarity.ms

ASN | Microsoft

img-src Host

AWS CloudFront

*.cloudfront.net

img-src Host

HubSpot Forms

*.hsforms.com

img-src Host

Cloudinary

*.cloudinary.com

ASN | Cloudflare

img-src Host —

*.olark.com

ASN | Google Cloud

img-src Host

Twitter

*.twitter.com

img-src Host

jsDelivr

cdn.jsdelivr.net

ASN | Cloudflare

img-src Host

jsDelivr

*.jsdelivr.net

script-src-elem Host —

onfleet.com

script-src-elem Host

Vector

*.vector.co

ASN | Cloudflare

script-src-elem Host —

d-code.liadm.com

script-src-elem Host —

*.usbrowserspeed.com

script-src-elem Host

IP-API

*.ip-api.com

ASN | TUT-AS - Total Uptime Technologies, LLC

script-src-elem Host

jsDelivr

*.jsdelivr.net

script-src-elem Host

Stripe

*.stripe.com

script-src-elem Host

YouTube

*.youtube-nocookie.com

script-src-elem Host

Google DoubleClick

*.doubleclick.net

script-src-elem Host —

*.listenlayer.com

ASN | Cloudflare

script-src-elem Host

Reddit

*.redditstatic.com

script-src-elem Host

YouTube

*.youtube.com

script-src-elem Host —

*.olark.com

ASN | Google Cloud

script-src-elem Host

LinkedIn

*.licdn.com

script-src-elem Host —

cdn.sitesearch360.com

ASN | Cloudflare

script-src-elem Host

Google Analytics

*.google-analytics.com

script-src-elem Host

Google Tag Manager

*.googletagmanager.com

script-src-elem Host

HubSpot

*.hs-scripts.com

script-src-elem Host

AWS CloudFront

*.cloudfront.net

script-src-elem Host

Google API JS Client

*.googleapis.com

script-src-elem Host

HubSpot

*.hsadspixel.net

script-src-elem Host

HubSpot

*.hubspot.com

ASN | Cloudflare

script-src-elem Host

HubSpot Analytics

*.hs-analytics.net

script-src-elem Host

HubSpot

*.hs-banner.com

script-src-elem Host —

static.olark.com

ASN | Cloudflare

script-src-elem Host

Transcend

transcend-cdn.com

ASN | Cloudflare

script-src-elem Host

Crazy Egg

script.crazyegg.com

ASN | Cloudflare

script-src-elem Host

Microsoft Clarity

*.clarity.ms

ASN | Microsoft

script-src-elem Host

HubSpot Forms

js.hsforms.net

ASN | Cloudflare

script-src-elem Host

Segment

cdn.segment.com

script-src-elem Host

Facebook

*.facebook.net

script-src-elem Host

Visual Website Optimizer

dev.visualwebsiteoptimizer.com

ASN | Google Cloud

script-src-elem Host

Google Search

www.google.com

script-src-elem Host

Google Static File Front End

www.gstatic.com

script-src-elem Host

HubSpot Live Chat

js.usemessages.com

ASN | Cloudflare

script-src-elem Keyword —

'unsafe-inline'

script-src-elem Host

unpkg

https://unpkg.com/aos@next/dist/aos.js

ASN | Cloudflare

script-src-elem Host

GitHub

https://inorganik.github.io/countUp.js/dist/countUp.umd.js

script-src-elem Host

Microsoft Advertising

https://bat.bing.com/bat.js

ASN | Microsoft

script-src-elem Host

Google Tag Manager

https://www.googletagmanager.com/

style-src Host —

onfleet.com

style-src Host

Google API JS Client

*.googleapis.com

style-src Host

AWS CloudFront

*.cloudfront.net

style-src Host

Transcend

transcend-cdn.com

ASN | Cloudflare

style-src Host —

static.olark.com

ASN | Cloudflare

style-src Host

jsDelivr

cdn.jsdelivr.net

ASN | Cloudflare

style-src Host

jsDelivr

*.jsdelivr.net

style-src Keyword —

'unsafe-inline'

style-src Host

unpkg

https://unpkg.com/aos@next/dist/aos.css

ASN | Cloudflare

font-src Host

Google Static File Front End

*.gstatic.com

font-src Host —

static.olark.com

ASN | Cloudflare

font-src Host

AWS CloudFront

*.cloudfront.net

font-src Scheme —

data:

frame-src Host

Stripe

*.stripe.com

frame-src Host —

*.rippling.com

frame-src Host

Google DoubleClick

*.doubleclick.net

frame-src Host

YouTube

*.youtube.com

frame-src Host

YouTube

*.youtube-nocookie.com

frame-src Host —

*.olark.com

ASN | Google Cloud

frame-src Host

HubSpot Forms

*.hsforms.com

frame-src Host

HubSpot

app.hubspot.com

ASN | Cloudflare

frame-src Host

Google Search

www.google.com

frame-src Host

Google Static File Front End

www.gstatic.com

connect-src Host

Vector

*.vector.co

ASN | Cloudflare

connect-src Host —

d-code.liadm.com

connect-src Host —

*.usbrowserspeed.com

connect-src Host

IP-API

*.ip-api.com

ASN | TUT-AS - Total Uptime Technologies, LLC

connect-src Host

LinkedIn

*.linkedin.com

ASN | Microsoft

connect-src Host

Stripe

*.stripe.com

connect-src Host —

countly.onfleet.com

ASN | Google Cloud

connect-src Host —

onfleet.com

connect-src Host —

*.onfleet.com

connect-src Host

Google AdSense

*.googlesyndication.com

connect-src Host —

*.listenlayer.com

ASN | Cloudflare

connect-src Host

Reddit

*.reddit.com

connect-src Host

Reddit

*.redditstatic.com

connect-src Host —

*.sitesearch360.com

ASN | Cloudflare

connect-src Host

HubSpot

*.hubapi.com

ASN | Cloudflare

connect-src Host —

*.olark.com

ASN | Google Cloud

connect-src Host

HubSpot

*.hubspot.com

ASN | Cloudflare

connect-src Host

Amazon S3

*.s3.amazonaws.com

connect-src Host

Ghost

onfleet.ghost.io

connect-src Host

HubSpot Forms

*.hsforms.com

connect-src Host

Segment

api.segment.io

connect-src Host

Transcend

telemetry.transcend.io

connect-src Host

Microsoft Clarity

*.clarity.ms

ASN | Microsoft

connect-src Host

Segment

cdn.segment.com

connect-src Host

Transcend

transcend-cdn.com

ASN | Cloudflare

connect-src Host

Google Analytics

*.google-analytics.com

connect-src Host

Google DoubleClick

*.doubleclick.net

connect-src Host

Google Search

*.google.com

connect-src Host —

publickeyservice.keys.adm-services.goog

ASN | Google Cloud

connect-src Host

LaunchDarkly

app.launchdarkly.com

connect-src Host

LaunchDarkly

*.launchdarkly.com

connect-src Host

HubSpot Live Chat

*.usemessages.com

connect-src Host

HubSpot

static.hsappstatic.net

ASN | Cloudflare

connect-src Host

HubSpot

*.hsappstatic.net

ASN | Cloudflare

connect-src Host

Google Search

www.google.com

connect-src Host

Google Static File Front End

www.gstatic.com

Content-Security-Policy-Report-Only

No report-only CSP headers found.