Content-Security-Policy Analysis for https://app.procore.com

Open Cached · just now

9 directives

Content-Security-Policy

Content-Security-Policy: frame-ancestors 'self' app.procore.com us02.procore.com support.procore.com edgeservices.bing.com www.bing.com www.staging-bing-int.com copilot.microsoft.com microsoftonline.com sharepoint-df.com sharepoint.com sharepointonline.com spgrid.com spolabs.com spoppe.com sposites.com partner.microsoftonline.cn sharepoint.cn sharepoint.de myus.msftsptest.com my.microsoftpersonalcontentppe.com wopi.onedrive.com wopi.onedrive-tst.com outlook.office.com outlook-sdf.office.com outlook.live.com outlook-sdf.live.com outlook-tdf.live.com sdfpilot.live.com outlook.office365.us outlook.office365.com exchangelabs.live-int.com office-int.com officeapps.live-int.com officeapps.live.com *.officeapps-df.live.com *.cloud.microsoft *.datagrid.com fa000000125.resources.office.net fa000000129.resources.office.net fa000000124.resources.office.net fa000000128.resources.office.net; default-src 'self' https:; connect-src 'self' https:; font-src 'self' https: data:; img-src 'self' https: data: *.omtrdc.net www.googletagmanager.com; object-src 'none'; script-src 'self' https: 'unsafe-inline' assets.adobedtm.com *.omtrdc.net https://www.googletagmanager.com https://connect.facebook.net/ https://snap.licdn.com; style-src 'self' https: 'unsafe-inline'; upgrade-insecure-requests

frame-ancestors Keyword —

'self'

frame-ancestors Host —

app.procore.com

ASN | Cloudflare

frame-ancestors Host —

us02.procore.com

ASN | Cloudflare

frame-ancestors Host —

support.procore.com

frame-ancestors Host

Bing

edgeservices.bing.com

frame-ancestors Host

Bing

www.bing.com

frame-ancestors Host —

www.staging-bing-int.com

ASN | Microsoft

frame-ancestors Host —

copilot.microsoft.com

ASN | Cloudflare

frame-ancestors Host —

microsoftonline.com

frame-ancestors Host —

sharepoint-df.com

ASN | Microsoft

frame-ancestors Host

Microsoft SharePoint

sharepoint.com

ASN | Microsoft

frame-ancestors Host

Microsoft SharePoint

sharepointonline.com

ASN | Microsoft

frame-ancestors Host —

spgrid.com

ASN | Microsoft

frame-ancestors Host —

spolabs.com

ASN | Microsoft

frame-ancestors Host —

spoppe.com

ASN | Microsoft

frame-ancestors Host —

sposites.com

frame-ancestors Host —

partner.microsoftonline.cn

frame-ancestors Host —

sharepoint.cn

ASN | BLUECLOUD Shanghai Blue Cloud Technology Co.

frame-ancestors Host —

sharepoint.de

ASN | Microsoft

frame-ancestors Host —

myus.msftsptest.com

frame-ancestors Host —

my.microsoftpersonalcontentppe.com

ASN | Microsoft

frame-ancestors Host —

wopi.onedrive.com

ASN | Microsoft

frame-ancestors Host —

wopi.onedrive-tst.com

frame-ancestors Host

Microsoft 365

outlook.office.com

ASN | Microsoft

frame-ancestors Host

Microsoft 365

outlook-sdf.office.com

ASN | Microsoft

frame-ancestors Host —

outlook.live.com

ASN | Microsoft

frame-ancestors Host —

outlook-sdf.live.com

ASN | Microsoft

frame-ancestors Host —

outlook-tdf.live.com

ASN | Microsoft

frame-ancestors Host —

sdfpilot.live.com

ASN | Microsoft

frame-ancestors Host —

outlook.office365.us

ASN | MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation

frame-ancestors Host

Microsoft 365

outlook.office365.com

ASN | Microsoft

frame-ancestors Host —

exchangelabs.live-int.com

frame-ancestors Host —

office-int.com

ASN | Microsoft

frame-ancestors Host —

officeapps.live-int.com

ASN | Microsoft

frame-ancestors Host —

officeapps.live.com

ASN | Microsoft

frame-ancestors Host —

*.officeapps-df.live.com

ASN | Microsoft

frame-ancestors Host —

*.cloud.microsoft

ASN | Microsoft

frame-ancestors Host —

*.datagrid.com

ASN | Cloudflare

frame-ancestors Host

Microsoft 365

fa000000125.resources.office.net

frame-ancestors Host

Microsoft 365

fa000000129.resources.office.net

frame-ancestors Host

Microsoft 365

fa000000124.resources.office.net

frame-ancestors Host

Microsoft 365

fa000000128.resources.office.net

default-src Keyword —

'self'

default-src Scheme —

https:

connect-src Keyword —

'self'

connect-src Scheme —

https:

font-src Keyword —

'self'

font-src Scheme —

https:

font-src Scheme —

data:

img-src Keyword —

'self'

img-src Scheme —

https:

img-src Scheme —

data:

img-src Host

Adobe Target

*.omtrdc.net

img-src Host

Google Tag Manager

www.googletagmanager.com

object-src Keyword —

'none'

script-src Keyword —

'self'

script-src Scheme —

https:

script-src Keyword —

'unsafe-inline'

script-src Host

Adobe Dynamic Tag Management

assets.adobedtm.com

script-src Host

Adobe Target

*.omtrdc.net

script-src Host

Google Tag Manager

https://www.googletagmanager.com

script-src Host

Facebook

https://connect.facebook.net/

script-src Host

LinkedIn

https://snap.licdn.com

style-src Keyword —

'self'

style-src Scheme —

https:

style-src Keyword —

'unsafe-inline'

upgrade-insecure-requests Source —

(no sources)

Content-Security-Policy-Report-Only

No report-only CSP headers found.