Content-Security-Policy Analysis for https://app.ringover.com

Open Cached · just now

13 directives

Content-Security-Policy

Content-Security-Policy: default-src 'self' *.ringover.com; connect-src * blob: data:; style-src 'self' 'unsafe-inline' *.ringover.com fonts.googleapis.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.ringover.com *.salesforce.com *.force.com *.zendesk.com *.zdassets.com *.dynamics.com cdn.amplitude.com t.screeb.app; frame-ancestors * app://* app: chrome-extension://*; frame-src 'self' https://youtube.com https://www.youtube.com https://meet.ringover.io https://meet.ringover.dev https://cdn.ringover.com https://webcdn.ringover.com https://admin.voxpay.ai https://auth.ringover.com https://popup.schedulehero.io blob: data:; child-src https://youtube.com https://www.youtube.com https://meet.ringover.io https://meet.ringover.dev https://cdn-us.ringover.com https://cdn.ringover.com https://webcdn.ringover.com https://admin.voxpay.ai blob: data:; object-src 'self' *.ringover.com blob: data:; worker-src 'self' blob: data:; font-src 'self' fonts.gstatic.com t.screeb.app https://webcdn.ringover.com data:; img-src * data: blob:; media-src 'self' *.ringover.com static.screeb.app blob: data:; upgrade-insecure-requests

default-src Keyword —

'self'

default-src Host —

*.ringover.com

connect-src Host —

*

connect-src Scheme —

blob:

connect-src Scheme —

data:

style-src Keyword —

'self'

style-src Keyword —

'unsafe-inline'

style-src Host —

*.ringover.com

style-src Host

Google Fonts

fonts.googleapis.com

script-src Keyword —

'self'

script-src Keyword —

'unsafe-inline'

script-src Keyword —

'unsafe-eval'

script-src Host —

*.ringover.com

script-src Host

Salesforce Cloud

*.salesforce.com

script-src Host

Salesforce Sites

*.force.com

script-src Host

Zendesk

*.zendesk.com

ASN | Cloudflare

script-src Host —

*.zdassets.com

script-src Host —

*.dynamics.com

ASN | Microsoft

script-src Host

Amplitude

cdn.amplitude.com

script-src Host —

t.screeb.app

ASN | Cloudflare

frame-ancestors Host —

*

frame-ancestors Host —

app://*

frame-ancestors Scheme —

app:

frame-ancestors Host —

chrome-extension://*

frame-src Keyword —

'self'

frame-src Host

YouTube

https://youtube.com

frame-src Host

YouTube

https://www.youtube.com

frame-src Host —

https://meet.ringover.io

ASN | Cloudflare

frame-src Host —

https://meet.ringover.dev

frame-src Host —

https://cdn.ringover.com

ASN | BJTPARTNERS-AS BJT Partners SAS

frame-src Host —

https://webcdn.ringover.com

frame-src Host —

https://admin.voxpay.ai

frame-src Host —

https://auth.ringover.com

ASN | BJTPARTNERS-AS BJT Partners SAS

frame-src Host —

https://popup.schedulehero.io

frame-src Scheme —

blob:

frame-src Scheme —

data:

child-src Host

YouTube

https://youtube.com

child-src Host

YouTube

https://www.youtube.com

child-src Host —

https://meet.ringover.io

ASN | Cloudflare

child-src Host —

https://meet.ringover.dev

child-src Host —

https://cdn-us.ringover.com

child-src Host —

https://cdn.ringover.com

ASN | BJTPARTNERS-AS BJT Partners SAS

child-src Host —

https://webcdn.ringover.com

child-src Host —

https://admin.voxpay.ai

child-src Scheme —

blob:

child-src Scheme —

data:

object-src Keyword —

'self'

object-src Host —

*.ringover.com

object-src Scheme —

blob:

object-src Scheme —

data:

worker-src Keyword —

'self'

worker-src Scheme —

blob:

worker-src Scheme —

data:

font-src Keyword —

'self'

font-src Host

Google Fonts

fonts.gstatic.com

font-src Host —

t.screeb.app

ASN | Cloudflare

font-src Host —

https://webcdn.ringover.com

font-src Scheme —

data:

img-src Host —

*

img-src Scheme —

data:

img-src Scheme —

blob:

media-src Keyword —

'self'

media-src Host —

*.ringover.com

media-src Host —

static.screeb.app

ASN | Cloudflare

media-src Scheme —

blob:

media-src Scheme —

data:

upgrade-insecure-requests Source —

(no sources)

Content-Security-Policy-Report-Only

No report-only CSP headers found.