Content-Security-Policy Analysis for https://app.vouched.id

Open Cached · just now

9 directives

Content-Security-Policy

Content-Security-Policy: img-src * data: 'self' *.doubleclick.net *.google-analytics.com *.googleapis.com *.vouched.id vouched.id; child-src blob: data: 'self' 'unsafe-eval' 'unsafe-inline'; worker-src blob: data: 'self' 'unsafe-eval' 'unsafe-inline'; frame-src blob: 'self' *.google.com *.googleapis.com *.googletagmanager.com *.hubspot.com *.vimeo.com *.vouched.id https://app.sigmacomputing.com/ js.stripe.com; font-src data: 'self' *.fontawesome.com *.gstatic.com; default-src 'self' *.unpkg.com; connect-src 'self' *.ads.linkedin.com *.amplitude.com *.browser-intake-datadoghq.com *.doubleclick.net *.google-analytics.com *.google.com *.googleapis.com *.hs-analytics.net *.hs-banner.com *.hs-scripts.com *.hsappstatic.net *.hscollectedforms.net *.hubapi.com *.hubspot.com *.openstreetmap.org *.vouched.id browser-intake-datadoghq.com hubapi.com localhost:7700 localhost:7766; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.amazonaws.com *.google-analytics.com *.google.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.hs-analytics.net *.hs-banner.com *.hs-scripts.com *.hsadspixel.net *.hscollectedforms.net *.hubspot.com *.licdn.com *.partnerstack.com *.usemessages.com *.vouched.id *.zoominfo.com js.stripe.com; style-src 'self' 'unsafe-inline' *.fontawesome.com *.googleapis.com *.vouched.id vouched.id

img-src Host —

*

img-src Scheme —

data:

img-src Keyword —

'self'

img-src Host

Google DoubleClick

*.doubleclick.net

img-src Host

Google Analytics

*.google-analytics.com

img-src Host

Google API JS Client

*.googleapis.com

img-src Host —

*.vouched.id

ASN | Cloudflare

img-src Host —

vouched.id

ASN | Cloudflare

child-src Scheme —

blob:

child-src Scheme —

data:

child-src Keyword —

'self'

child-src Keyword —

'unsafe-eval'

child-src Keyword —

'unsafe-inline'

worker-src Scheme —

blob:

worker-src Scheme —

data:

worker-src Keyword —

'self'

worker-src Keyword —

'unsafe-eval'

worker-src Keyword —

'unsafe-inline'

frame-src Scheme —

blob:

frame-src Keyword —

'self'

frame-src Host

Google Search

*.google.com

frame-src Host

Google API JS Client

*.googleapis.com

frame-src Host

Google Tag Manager

*.googletagmanager.com

frame-src Host

HubSpot

*.hubspot.com

ASN | Cloudflare

frame-src Host

Vimeo

*.vimeo.com

ASN | Cloudflare

frame-src Host —

*.vouched.id

ASN | Cloudflare

frame-src Host —

https://app.sigmacomputing.com/

frame-src Host

Stripe

js.stripe.com

font-src Scheme —

data:

font-src Keyword —

'self'

font-src Host

Font Awesome

*.fontawesome.com

ASN | Cloudflare

font-src Host

Google Static File Front End

*.gstatic.com

default-src Keyword —

'self'

default-src Host

unpkg

*.unpkg.com

ASN | Cloudflare

connect-src Keyword —

'self'

connect-src Host

LinkedIn

*.ads.linkedin.com

connect-src Host

Amplitude

*.amplitude.com

connect-src Host

Datadog

*.browser-intake-datadoghq.com

connect-src Host

Google DoubleClick

*.doubleclick.net

connect-src Host

Google Analytics

*.google-analytics.com

connect-src Host

Google Search

*.google.com

connect-src Host

Google API JS Client

*.googleapis.com

connect-src Host

HubSpot Analytics

*.hs-analytics.net

connect-src Host

HubSpot

*.hs-banner.com

connect-src Host

HubSpot

*.hs-scripts.com

connect-src Host

HubSpot

*.hsappstatic.net

ASN | Cloudflare

connect-src Host

HubSpot Forms

*.hscollectedforms.net

connect-src Host

HubSpot

*.hubapi.com

ASN | Cloudflare

connect-src Host

HubSpot

*.hubspot.com

ASN | Cloudflare

connect-src Host

OpenStreetMap

*.openstreetmap.org

connect-src Host —

*.vouched.id

ASN | Cloudflare

connect-src Host

Datadog

browser-intake-datadoghq.com

connect-src Host

HubSpot

hubapi.com

ASN | Cloudflare

connect-src Host —

localhost:7700

connect-src Host —

localhost:7766

script-src Keyword —

'self'

script-src Keyword —

'unsafe-eval'

script-src Keyword —

'unsafe-inline'

script-src Host

AWS

*.amazonaws.com

script-src Host

Google Analytics

*.google-analytics.com

script-src Host

Google Search

*.google.com

script-src Host

Google API JS Client

*.googleapis.com

script-src Host

Google Tag Manager

*.googletagmanager.com

script-src Host

Google Static File Front End

*.gstatic.com

script-src Host

HubSpot Analytics

*.hs-analytics.net

script-src Host

HubSpot

*.hs-banner.com

script-src Host

HubSpot

*.hs-scripts.com

script-src Host

HubSpot

*.hsadspixel.net

script-src Host

HubSpot Forms

*.hscollectedforms.net

script-src Host

HubSpot

*.hubspot.com

ASN | Cloudflare

script-src Host

LinkedIn

*.licdn.com

script-src Host

PartnerStack

*.partnerstack.com

ASN | Cloudflare

script-src Host

HubSpot Live Chat

*.usemessages.com

script-src Host —

*.vouched.id

ASN | Cloudflare

script-src Host

ZoomInfo

*.zoominfo.com

ASN | Cloudflare

script-src Host

Stripe

js.stripe.com

style-src Keyword —

'self'

style-src Keyword —

'unsafe-inline'

style-src Host

Font Awesome

*.fontawesome.com

ASN | Cloudflare

style-src Host

Google API JS Client

*.googleapis.com

style-src Host —

*.vouched.id

ASN | Cloudflare

style-src Host —

vouched.id

ASN | Cloudflare

Content-Security-Policy-Report-Only

No report-only CSP headers found.