Content-Security-Policy Analysis for https://dev-labs.optum.com

Open Cached · just now

3 directives

Content-Security-Policy

Content-Security-Policy: frame-ancestors 'self' *.uhg.com *.optum.com *.uhc.com *.adobeaemcloud.com *.pagescdn.com *.healthsafe-id.com uhgenterprise.qualtrics.com g360site.secure.force.com g360.my.salesforce-sites.com *.DoubleClick.net *.youtube.com player.simplecast.com *.trkn.us covid19.rallyhealth.com insight.adsrvr.org  www.google.com/recaptcha/ recaptcha.google.com/recaptcha/ www.recaptcha.net match.adsrvr.org; frame-src 'self' https://community.pregnancy.org https://optum.marketing.adobe.com *.uhg.com *.optum.com *.uhc.com *.adobeaemcloud.com *.pagescdn.com *.healthsafe-id.com uhgenterprise.qualtrics.com g360site.secure.force.com g360.my.salesforce-sites.com *.DoubleClick.net *.youtube.com player.simplecast.com *.trkn.us covid19.rallyhealth.com insight.adsrvr.org www.recaptcha.net *.lpsnmedia.net *.liveperson.net https://va.idp.liveperson.net match.adsrvr.org; upgrade-insecure-requests

frame-ancestors Keyword —

'self'

frame-ancestors Host —

*.uhg.com

frame-ancestors Host —

*.optum.com

frame-ancestors Host —

*.uhc.com

frame-ancestors Host —

*.adobeaemcloud.com

frame-ancestors Host —

*.pagescdn.com

frame-ancestors Host —

*.healthsafe-id.com

frame-ancestors Host

Qualtrics

uhgenterprise.qualtrics.com

frame-ancestors Host

Salesforce Sites

g360site.secure.force.com

frame-ancestors Host

Salesforce Sites

g360.my.salesforce-sites.com

frame-ancestors Host

Google DoubleClick

*.DoubleClick.net

frame-ancestors Host

YouTube

*.youtube.com

frame-ancestors Host Simplecast

player.simplecast.com

frame-ancestors Host —

*.trkn.us

frame-ancestors Host —

covid19.rallyhealth.com

frame-ancestors Host

The Trade Desk

insight.adsrvr.org

frame-ancestors Host

Google reCAPTCHA

www.google.com/recaptcha/

frame-ancestors Host

Google reCAPTCHA

recaptcha.google.com/recaptcha/

frame-ancestors Host

Google reCAPTCHA

www.recaptcha.net

frame-ancestors Host

The Trade Desk

match.adsrvr.org

frame-src Keyword —

'self'

frame-src Host —

https://community.pregnancy.org

frame-src Host —

https://optum.marketing.adobe.com

frame-src Host —

*.uhg.com

frame-src Host —

*.optum.com

frame-src Host —

*.uhc.com

frame-src Host —

*.adobeaemcloud.com

frame-src Host —

*.pagescdn.com

frame-src Host —

*.healthsafe-id.com

frame-src Host

Qualtrics

uhgenterprise.qualtrics.com

frame-src Host

Salesforce Sites

g360site.secure.force.com

frame-src Host

Salesforce Sites

g360.my.salesforce-sites.com

frame-src Host

Google DoubleClick

*.DoubleClick.net

frame-src Host

YouTube

*.youtube.com

frame-src Host Simplecast

player.simplecast.com

frame-src Host —

*.trkn.us

frame-src Host —

covid19.rallyhealth.com

frame-src Host

The Trade Desk

insight.adsrvr.org

frame-src Host

Google reCAPTCHA

www.recaptcha.net

frame-src Host —

*.lpsnmedia.net

frame-src Host —

*.liveperson.net

frame-src Host —

https://va.idp.liveperson.net

frame-src Host

The Trade Desk

match.adsrvr.org

upgrade-insecure-requests Source —

(no sources)

Content-Security-Policy-Report-Only

No report-only CSP headers found.