Content-Security-Policy Analysis for https://beta.figured.com

Open Cached · 10h ago

14 directives

Content-Security-Policy

No enforced CSP headers found.

Content-Security-Policy-Report-Only

Content-Security-Policy-Report-Only: default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://widget.intercom.io https://js.intercomcdn.com https://*.fullstory.com https://*.google-analytics.com https://*.googletagmanager.com https://*.analytics.google.com https://analytics.google.com https://www.google.com https://www.gstatic.com https://connect.facebook.net https://*.newrelic.com https://*.nr-data.net https://*.pusher.com https://inlinemanual.com https://www.googleadservices.com https://*.ezidebit.com.au https://*.jsdelivr.net https://kit.fontawesome.com https://code.jquery.com https://maps.googleapis.com https://fip-static.figured.com; img-src 'self' data: blob: https: https://*.s3.ap-southeast-2.amazonaws.com https://*.s3.us-west-2.amazonaws.com; style-src 'self' 'unsafe-inline' data: https://fonts.googleapis.com https://*.cloudfront.net https://kit-pro.fontawesome.com https://fip-static.figured.com; child-src 'self' blob:; connect-src 'self' https://my.figured.com wss://*.pusher.com wss://*.pusher.com:443 https://*.pusher.com wss://*.intercom.io https://*.intercom.io https://*.intercomcdn.com https://*.intercom-messenger.com wss://*.intercom-messenger.com https://sentry.io https://*.sentry.io https://*.facebook.com https://*.google-analytics.com https://*.googletagmanager.com https://*.analytics.google.com https://analytics.google.com https://*.doubleclick.net https://analytics.inlinemanual.com https://*.newrelic.com https://*.nr-data.net https://sessions.bugsnag.com https://maps.googleapis.com https://data.linz.govt.nz https://*.fullstory.com https://fip-static.figured.com https://storage.googleapis.com https://*.s3.ap-southeast-2.amazonaws.com https://*.s3.us-west-2.amazonaws.com; font-src 'self' data: https://fonts.gstatic.com https://*.intercomcdn.com https://dl.dropboxusercontent.com https://kit-pro.fontawesome.com https://raw.githubusercontent.com/adobe-fonts/source-sans/release/OTF/SourceSans3-Black.otf https://fip-static.figured.com; frame-src 'self' https://www.facebook.com https://*.doubleclick.net https://www.google.com https://www.google.co.nz https://*.analytics.google.com https://analytics.google.com https://*.vimeo.com https://intercom-sheets.com https://api.dev-icbf.com https://api.icbf.com blob: https://www.youtube.com https://storage.googleapis.com; media-src 'self' https://intercomcdn.com https://*.intercomcdn.com https://*.vimeo.com; worker-src blob: https://*.jsdelivr.net; report-uri https://my.figured.com/csp/violation-reports; object-src 'self' https://storage.googleapis.com; script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' data: https://widget.intercom.io https://js.intercomcdn.com https://*.fullstory.com https://*.google-analytics.com https://*.googletagmanager.com https://*.analytics.google.com https://analytics.google.com https://www.google.com https://www.gstatic.com https://connect.facebook.net https://*.newrelic.com https://*.nr-data.net https://*.pusher.com https://inlinemanual.com https://www.googleadservices.com https://*.ezidebit.com.au https://*.jsdelivr.net https://kit.fontawesome.com https://code.jquery.com https://maps.googleapis.com https://fip-static.figured.com; style-src-elem 'self' 'unsafe-inline' data: https://fonts.googleapis.com https://*.cloudfront.net https://kit-pro.fontawesome.com https://fip-static.figured.com

default-src Keyword —

'none'

script-src Keyword —

'self'

script-src Keyword —

'unsafe-inline'

script-src Keyword —

'unsafe-eval'

script-src Scheme —

data:

script-src Host