Content-Security-Policy Analysis for https://apps.enable.com

Open Cached · just now

6 directives

Content-Security-Policy

Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-inline' *.wootric.com; style-src 'self' 'unsafe-inline' use.typekit.net p.typekit.net *.enable.com; font-src use.typekit.net; img-src 'self' enable.com *.enable.com hubspot.net *.hubspot.net hubspotusercontent20.net *.hubspotusercontent20.net data:; connect-src 'self' enable.com *.enable.com *.wootric.com *.service.signalr.net wss://*.service.signalr.net;

default-src Keyword —

'self'

script-src Keyword —

'self'

script-src Keyword —

'unsafe-inline'

script-src Host —

*.wootric.com

ASN | Cloudflare

style-src Keyword —

'self'

style-src Keyword —

'unsafe-inline'

style-src Host

Adobe Fonts (Typekit)

use.typekit.net

style-src Host

Adobe Fonts (Typekit)

p.typekit.net

style-src Host —

*.enable.com

ASN | Cloudflare

font-src Host

Adobe Fonts (Typekit)

use.typekit.net

img-src Keyword —

'self'

img-src Host —

enable.com

ASN | Cloudflare

img-src Host —

*.enable.com

ASN | Cloudflare

img-src Host

HubSpot

hubspot.net

ASN | Cloudflare

img-src Host

HubSpot

*.hubspot.net

ASN | Cloudflare

img-src Host

HubSpot

hubspotusercontent20.net

img-src Host

HubSpot

*.hubspotusercontent20.net

img-src Scheme —

data:

connect-src Keyword —

'self'

connect-src Host —

enable.com

ASN | Cloudflare

connect-src Host —

*.enable.com

ASN | Cloudflare

connect-src Host —

*.wootric.com

ASN | Cloudflare

connect-src Host —

*.service.signalr.net

connect-src Host —

wss://*.service.signalr.net

Content-Security-Policy-Report-Only

No report-only CSP headers found.