Content-Security-Policy Analysis for https://apps.ionic.io

Open Cached · just now

13 directives

Content-Security-Policy

Content-Security-Policy: connect-src 'self' data: https://*.amplitude.com https://*.crazyegg.com https://*.ionicframework.com https://*.ionicjs.com https://*.getbeamer.com https://*.launchdarkly.com https://api.hubapi.com https://api.hubspot.com https://api.segment.io https://cdn.segment.com https://cdnjs.cloudflare.com https://forms.hsforms.com https://ionicframework.com https://js.stripe.com https://maps.googleapis.com https://pro-app-storage-dev.s3.amazonaws.com https://pro-app-storage.s3.amazonaws.com https://sentry.io https://stats.g.doubleclick.net https://trk.kissmetrics.com https://web.delighted.com https://www.google-analytics.com https://www2.profitwell.com wss://*.getbeamer.com wss://ws.pusherapp.com;form-action 'self' https://forms.hsforms.com;frame-src https://*.appflowapp.com https://*.getbeamer.com https://*.ionic.io https://*.staging.appflowapp.com https://app.hubspot.com https://fast.wistia.com https://fast.wistia.net https://forms.hsforms.com https://js.stripe.com https://recaptcha.google.com/recaptcha/ https://www.google.com/recaptcha/ https://www.youtube.com;img-src 'self' data: https:;script-src 'self' 'unsafe-eval' 'unsafe-inline' blob: https://*.crazyegg.com https://*.getbeamer.com https://browser.sentry-cdn.com https://cdn.amplitude.com https://cdn.bizible.com https://cdn.ravenjs.com https://cdn.segment.com https://d2yyd1h5u9mauk.cloudfront.net https://dna8twue3dlxq.cloudfront.net https://forms.hsforms.com https://js.hs-analytics.net https://js.hs-scripts.com https://js.hsadspixel.net https://js.hsforms.net https://js.stripe.com https://js.usemessages.com https://maps.googleapis.com https://px.ads.linkedin.com https://scripts.kissmetrics.com https://snap.licdn.com https://tagmanager.google.com https://www.google-analytics.com https://www.google.com/recaptcha/ https://www.googletagmanager.com https://www.gstatic.com/recaptcha/;style-src 'self' 'unsafe-inline' https://*.getbeamer.com https://fonts.googleapis.com https://heapanalytics.com https://tagmanager.google.com;default-src 'self';base-uri 'self';font-src 'self' https: data:;frame-ancestors 'self';object-src 'none';script-src-attr 'none';upgrade-insecure-requests

connect-src Keyword —

'self'

connect-src Scheme —

data:

connect-src Host

Amplitude

https://*.amplitude.com

connect-src Host

Crazy Egg

https://*.crazyegg.com

connect-src Host —

https://*.ionicframework.com

ASN | Cloudflare

connect-src Host —

https://*.ionicjs.com

ASN | Cloudflare

connect-src Host

Beamer

https://*.getbeamer.com

ASN | Cloudflare

connect-src Host

LaunchDarkly

https://*.launchdarkly.com

connect-src Host

HubSpot

https://api.hubapi.com

ASN | Cloudflare

connect-src Host

HubSpot

https://api.hubspot.com

ASN | Cloudflare

connect-src Host

Segment

https://api.segment.io

connect-src Host

Segment

https://cdn.segment.com

connect-src Host

Cloudflare CDNJS

https://cdnjs.cloudflare.com

ASN | Cloudflare

connect-src Host

HubSpot Forms

https://forms.hsforms.com

ASN | Cloudflare

connect-src Host —

https://ionicframework.com

ASN | Cloudflare

connect-src Host

Stripe

https://js.stripe.com

connect-src Host

Google Maps

https://maps.googleapis.com

connect-src Host

Amazon S3

https://pro-app-storage-dev.s3.amazonaws.com

connect-src Host

Amazon S3

https://pro-app-storage.s3.amazonaws.com

connect-src Host

Sentry

https://sentry.io

ASN | Google Cloud

connect-src Host

Google DoubleClick

https://stats.g.doubleclick.net

connect-src Host —

https://trk.kissmetrics.com

ASN | DigitalOcean

connect-src Host —

https://web.delighted.com

connect-src Host

Google Analytics

https://www.google-analytics.com

connect-src Host —

https://www2.profitwell.com

ASN | Cloudflare

connect-src Host

Beamer

wss://*.getbeamer.com

ASN | Cloudflare

connect-src Host

Pusher

wss://ws.pusherapp.com

form-action Keyword —

'self'

form-action Host

HubSpot Forms

https://forms.hsforms.com

ASN | Cloudflare

frame-src Host —

https://*.appflowapp.com

ASN | Cloudflare

frame-src Host

Beamer

https://*.getbeamer.com

ASN | Cloudflare

frame-src Host —

https://*.ionic.io

ASN | Cloudflare

frame-src Host —

https://*.staging.appflowapp.com

frame-src Host

HubSpot

https://app.hubspot.com

ASN | Cloudflare

frame-src Host

Wistia

https://fast.wistia.com

frame-src Host

Wistia

https://fast.wistia.net

frame-src Host

HubSpot Forms

https://forms.hsforms.com

ASN | Cloudflare

frame-src Host

Stripe

https://js.stripe.com

frame-src Host

Google reCAPTCHA

https://recaptcha.google.com/recaptcha/

frame-src Host

Google reCAPTCHA

https://www.google.com/recaptcha/

frame-src Host

YouTube

https://www.youtube.com

img-src Keyword —

'self'

img-src Scheme —

data:

img-src Scheme —

https:

script-src Keyword —

'self'

script-src Keyword —

'unsafe-eval'

script-src Keyword —

'unsafe-inline'

script-src Scheme —

blob:

script-src Host

Crazy Egg

https://*.crazyegg.com

script-src Host

Beamer

https://*.getbeamer.com

ASN | Cloudflare

script-src Host

Sentry

https://browser.sentry-cdn.com

script-src Host

Amplitude

https://cdn.amplitude.com

script-src Host

Adobe Marketo

https://cdn.bizible.com

script-src Host

Sentry

https://cdn.ravenjs.com

script-src Host

Segment

https://cdn.segment.com

script-src Host

AWS CloudFront

https://d2yyd1h5u9mauk.cloudfront.net

script-src Host

AWS CloudFront

https://dna8twue3dlxq.cloudfront.net

script-src Host

HubSpot Forms

https://forms.hsforms.com

ASN | Cloudflare

script-src Host

HubSpot Analytics

https://js.hs-analytics.net

ASN | Cloudflare

script-src Host

HubSpot

https://js.hs-scripts.com

ASN | Cloudflare

script-src Host

HubSpot

https://js.hsadspixel.net

ASN | Cloudflare

script-src Host

HubSpot Forms

https://js.hsforms.net

ASN | Cloudflare

script-src Host

Stripe

https://js.stripe.com

script-src Host

HubSpot Live Chat

https://js.usemessages.com

ASN | Cloudflare

script-src Host

Google Maps

https://maps.googleapis.com

script-src Host

LinkedIn

https://px.ads.linkedin.com

ASN | Microsoft

script-src Host —

https://scripts.kissmetrics.com

script-src Host

LinkedIn

https://snap.licdn.com

script-src Host

Google Tag Manager

https://tagmanager.google.com

script-src Host

Google Analytics

https://www.google-analytics.com

script-src Host

Google reCAPTCHA

https://www.google.com/recaptcha/

script-src Host

Google Tag Manager

https://www.googletagmanager.com

script-src Host

Google Static File Front End

https://www.gstatic.com/recaptcha/

style-src Keyword —

'self'

style-src Keyword —

'unsafe-inline'

style-src Host

Beamer

https://*.getbeamer.com

ASN | Cloudflare

style-src Host

Google Fonts

https://fonts.googleapis.com

style-src Host

Heap

https://heapanalytics.com

style-src Host

Google Tag Manager

https://tagmanager.google.com

default-src Keyword —

'self'

base-uri Keyword —

'self'

font-src Keyword —

'self'

font-src Scheme —

https:

font-src Scheme —

data:

frame-ancestors Keyword —

'self'

object-src Keyword —

'none'

script-src-attr Keyword —

'none'

upgrade-insecure-requests Source —

(no sources)

Content-Security-Policy-Report-Only

No report-only CSP headers found.