Content-Security-Policy Analysis for https://documentation.conga.com

Open Cached · just now

8 directives

Content-Security-Policy

Content-Security-Policy: default-src 'self' 'unsafe-eval' 'unsafe-inline' https: data: 'nonce-MGJlZWFjMmMtMTYyYi00ODg0LThkNjItM2YzZGNkNDAwM2Fh';font-src 'self' https: *.storage.googleapis.com fonts.gstatic.com *.easydita.com *.heretto.com 'unsafe-eval' 'unsafe-inline';frame-src 'self' https:;frame-ancestors 'self' https:;object-src 'self' https:;script-src 'unsafe-inline' 'unsafe-eval' https://www.google-analytics.com *.storage.googleapis.com *.googletagmanager.com *.easydita.com *.heretto.com *.newrelic.com https://bam.nr-data.net https://documentation.conga.com 'nonce-MGJlZWFjMmMtMTYyYi00ODg0LThkNjItM2YzZGNkNDAwM2Fh' *.userback.io ajax.googleapis.com cdn.jsdelivr.net *.sitescdn.net *.conga.com.pagescdn.com *.preview.pagescdn.com *.siteintercept.qualtrics.com *.qualtrics.com unpkg.com;style-src 'self' https: *.storage.googleapis.com *.easydita.com *.heretto.com fonts.googleapis.com 'unsafe-eval' 'unsafe-inline';base-uri https://documentation.conga.com

default-src Keyword —

'self'

default-src Keyword —

'unsafe-eval'

default-src Keyword —

'unsafe-inline'

default-src Scheme —

https:

default-src Scheme —

data:

default-src Nonce —

'nonce-MGJlZWFjMmMtMTYyYi00ODg0LThkNjItM2YzZGNkNDAwM2Fh'

font-src Keyword —

'self'

font-src Scheme —

https:

font-src Host

Google Cloud Storage

*.storage.googleapis.com

font-src Host

Google Fonts

fonts.gstatic.com

font-src Host —

*.easydita.com

ASN | Squarespace

font-src Host —

*.heretto.com

ASN | Cloudflare

font-src Keyword —

'unsafe-eval'

font-src Keyword —

'unsafe-inline'

frame-src Keyword —

'self'

frame-src Scheme —

https:

frame-ancestors Keyword —

'self'

frame-ancestors Scheme —

https:

object-src Keyword —

'self'

object-src Scheme —

https:

script-src Keyword —

'unsafe-inline'

script-src Keyword —

'unsafe-eval'

script-src Host

Google Analytics

https://www.google-analytics.com

script-src Host

Google Cloud Storage

*.storage.googleapis.com

script-src Host

Google Tag Manager

*.googletagmanager.com

script-src Host —

*.easydita.com

ASN | Squarespace

script-src Host —

*.heretto.com

ASN | Cloudflare

script-src Host

New Relic

*.newrelic.com

script-src Host —

https://bam.nr-data.net

script-src Host —

https://documentation.conga.com

ASN | Google Cloud

script-src Nonce —

'nonce-MGJlZWFjMmMtMTYyYi00ODg0LThkNjItM2YzZGNkNDAwM2Fh'

script-src Host —

*.userback.io

ASN | HETZNER-CLOUD3-AS Hetzner Online GmbH

script-src Host

Google Hosted Libraries

ajax.googleapis.com

script-src Host

jsDelivr

cdn.jsdelivr.net

script-src Host —

*.sitescdn.net

script-src Host —

*.conga.com.pagescdn.com

ASN | Cloudflare

script-src Host —

*.preview.pagescdn.com

script-src Host

Qualtrics

*.siteintercept.qualtrics.com

ASN | Cloudflare

script-src Host

Qualtrics

*.qualtrics.com

script-src Host

unpkg

unpkg.com

ASN | Cloudflare

style-src Keyword —

'self'

style-src Scheme —

https:

style-src Host

Google Cloud Storage

*.storage.googleapis.com

style-src Host —

*.easydita.com

ASN | Squarespace

style-src Host —

*.heretto.com

ASN | Cloudflare

style-src Host

Google Fonts

fonts.googleapis.com

style-src Keyword —

'unsafe-eval'

style-src Keyword —

'unsafe-inline'

base-uri Host —

https://documentation.conga.com

ASN | Google Cloud

Content-Security-Policy-Report-Only

No report-only CSP headers found.