Content-Security-Policy Analysis for https://cipher.ai

Open Cached · just now

17 directives

Content-Security-Policy

Content-Security-Policy: default-src 'self'; base-uri 'self'; object-src 'none';  script-src 'self' 'unsafe-inline' 'unsafe-eval' blob:   https://www.googletagmanager.com   https://www.google-analytics.com   https://stats.g.doubleclick.net   https://googleads.g.doubleclick.net   https://www.clarity.ms   https://scripts.clarity.ms   https://analytics.ahrefs.com   https://analytics.wpmucdn.com   https://tags.clickagy.com   https://js.adsrvr.org   https://cdn.cookielaw.org   https://static.onetrust.com   https://*.onetrust.com   https://*.cookielaw.org   https://js.hs-scripts.com   https://js-na1.hs-scripts.com   https://js.hs-analytics.net   https://js.hubspot.com   https://js.hscollectedforms.net   https://js.hsforms.net   https://js.hscta.net   https://cta-service-cms2.hubspot.com   https://js.hs-banner.com   https://js.hsadspixel.net   https://js.usemessages.com   https://js.zi-scripts.com   https://snap.licdn.com   https://platform-api.sharethis.com   https://buttons-config.sharethis.com   https://ws-assets.zoominfo.com   https://ws.zoominfo.com   https://www.youtube.com;  script-src-elem 'self' 'unsafe-inline' blob:   https://www.googletagmanager.com   https://www.google-analytics.com   https://stats.g.doubleclick.net   https://googleads.g.doubleclick.net   https://www.clarity.ms   https://scripts.clarity.ms   https://analytics.ahrefs.com   https://analytics.wpmucdn.com   https://tags.clickagy.com   https://js.adsrvr.org   https://cdn.cookielaw.org   https://static.onetrust.com   https://*.onetrust.com   https://*.cookielaw.org   https://js.hs-scripts.com   https://js-na1.hs-scripts.com   https://js.hs-analytics.net   https://js.hubspot.com   https://js.hscollectedforms.net   https://js.hsforms.net   https://js.hscta.net   https://cta-service-cms2.hubspot.com   https://js.hs-banner.com   https://js.hsadspixel.net   https://js.usemessages.com   https://js.zi-scripts.com   https://snap.licdn.com   https://platform-api.sharethis.com   https://buttons-config.sharethis.com   https://ws-assets.zoominfo.com   https://ws.zoominfo.com   https://www.youtube.com;  style-src 'self' 'unsafe-inline'   https://cdnjs.cloudflare.com   https://fonts.googleapis.com   https://cdn.cookielaw.org   https://*.onetrust.com;  img-src 'self' data: blob: https:   https://px.ads.linkedin.com   https://www.google-analytics.com   https://stats.g.doubleclick.net;  font-src 'self' data: blob:   https://cdnjs.cloudflare.com   https://fonts.gstatic.com;  connect-src 'self' https:   https://www.google-analytics.com   https://region1.google-analytics.com   https://stats.g.doubleclick.net   https://px.ads.linkedin.com   https://forms.hsforms.com   https://*.hsforms.com   https://track.hubspot.com   https://api.hubspot.com   https://js.hs-analytics.net   https://*.hubspot.com   https://*.hs-analytics.net   https://*.usemessages.com   https://*.onetrust.com   https://static.onetrust.com   https://www.clarity.ms   https://c.clarity.ms   https://ws-assets.zoominfo.com   https://ws.zoominfo.com;  frame-src 'self' https: about:   https://*.onetrust.com   https://*.usemessages.com   https://www.youtube.com   https://www.youtube-nocookie.com;  frame-ancestors 'self';  worker-src 'self' blob:; media-src 'self' https: data:; manifest-src 'self';  form-action 'self'   https://forms.hsforms.com   https://*.hsforms.com;  upgrade-insecure-requests; block-all-mixed-content;

default-src Keyword —

'self'

base-uri Keyword —

'self'

object-src Keyword —

'none'

script-src Keyword —

'self'

script-src Keyword —

'unsafe-inline'

script-src Keyword —

'unsafe-eval'