Content-Security-Policy Analysis for https://fleetit.com

Open Cached · just now

10 directives

Content-Security-Policy

Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://www.google-analytics.com https://www.google.com https://www.gstatic.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://static.hotjar.com https://cdn2l.ink https://js.hs-scripts.com https://js.hs-analytics.net https://js.hscollectedforms.net https://js.hs-banner.com https://js.hsadspixel.net https://s3-us-west-2.amazonaws.com https://connect.facebook.net https://client.crisp.chat https://snap.licdn.com https://app.useitem.io; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://client.crisp.chat; font-src 'self' https://fonts.gstatic.com https://client.crisp.chat data:; img-src 'self' data: https://storage.googleapis.com https://www.facebook.com https://px.ads.linkedin.com https://px4.ads.linkedin.com https://www.google.com https://www.google.co.in https://www.googleadservices.com https://googleads.g.doubleclick.net https://forms.hsforms.com https://track.hubspot.com https://client.crisp.chat https://image.crisp.chat https://storage.crisp.chat https://cms.app.fleetit.com https://fleetit.com https://app.fleetit.com; connect-src 'self' wss://client.relay.crisp.chat https://www.google.com https://www.google.co.in https://www.googleadservices.com https://www.google-analytics.com https://analytics.google.com https://googleads.g.doubleclick.net https://stats.g.doubleclick.net https://static.hsappstatic.net https://capture-api-us.ortto.app https://metrics.hotjar.io https://*.hotjar.com https://*.hotjar.io wss://ws.hotjar.com https://*.hubspot.com https://*.facebook.com https://*.crisp.chat https://storage.crisp.chat https://*.linkedin.com https://*.useitem.io https://plugin.klenty.com https://forms.hscollectedforms.net https://api.hubapi.com https://cms.app.fleetit.com https://fleetit.com https://app.fleetit.com; frame-src 'self' https://www.google.com https://www.google.co.in https://www.googletagmanager.com https://www.facebook.com https://www.youtube.com https://www.youtube-nocookie.com; frame-ancestors 'none'; base-uri 'self'; form-action 'self' https://www.facebook.com

default-src Keyword —

'self'

script-src Keyword —

'self'

script-src Keyword —

'unsafe-inline'

script-src Keyword —

'unsafe-eval'

script-src Host

Google Tag Manager

https://www.googletagmanager.com

script-src Host

Google Analytics

https://www.google-analytics.com

script-src Host

Google Search

https://www.google.com

script-src Host

Google Static File Front End

https://www.gstatic.com

script-src Host

Google Conversion Tracking

https://www.googleadservices.com

script-src Host

Google DoubleClick

https://googleads.g.doubleclick.net

script-src Host

Hotjar

https://static.hotjar.com

script-src Host —

https://cdn2l.ink

script-src Host

HubSpot

https://js.hs-scripts.com

ASN | Cloudflare

script-src Host

HubSpot Analytics

https://js.hs-analytics.net

ASN | Cloudflare

script-src Host

HubSpot Forms

https://js.hscollectedforms.net

ASN | Cloudflare

script-src Host

HubSpot

https://js.hs-banner.com

ASN | Cloudflare

script-src Host

HubSpot

https://js.hsadspixel.net

ASN | Cloudflare

script-src Host

Amazon S3

https://s3-us-west-2.amazonaws.com

script-src Host

Facebook

https://connect.facebook.net

script-src Host

Crisp

https://client.crisp.chat

ASN | Cloudflare

script-src Host

LinkedIn

https://snap.licdn.com

script-src Host —

https://app.useitem.io

style-src Keyword —

'self'

style-src Keyword —

'unsafe-inline'

style-src Host

Google Fonts

https://fonts.googleapis.com

style-src Host

Crisp

https://client.crisp.chat

ASN | Cloudflare

font-src Keyword —

'self'

font-src Host

Google Fonts

https://fonts.gstatic.com

font-src Host

Crisp

https://client.crisp.chat

ASN | Cloudflare

font-src Scheme —

data:

img-src Keyword —

'self'

img-src Scheme —

data:

img-src Host

Google Cloud Storage

https://storage.googleapis.com

img-src Host

Facebook

https://www.facebook.com

img-src Host

LinkedIn

https://px.ads.linkedin.com

ASN | Microsoft

img-src Host

LinkedIn

https://px4.ads.linkedin.com

ASN | Microsoft

img-src Host

Google Search

https://www.google.com

img-src Host —

https://www.google.co.in

img-src Host

Google Conversion Tracking

https://www.googleadservices.com

img-src Host

Google DoubleClick

https://googleads.g.doubleclick.net

img-src Host

HubSpot Forms

https://forms.hsforms.com

ASN | Cloudflare

img-src Host

HubSpot

https://track.hubspot.com

ASN | Cloudflare

img-src Host

Crisp

https://client.crisp.chat

ASN | Cloudflare

img-src Host

Crisp

https://image.crisp.chat

ASN | Cloudflare

img-src Host

Crisp

https://storage.crisp.chat

ASN | Cloudflare

img-src Host —

https://cms.app.fleetit.com

ASN | Google Cloud

img-src Host —

https://fleetit.com

ASN | Google Cloud

img-src Host —

https://app.fleetit.com

ASN | Google Cloud

connect-src Keyword —

'self'

connect-src Host

Crisp

wss://client.relay.crisp.chat

ASN | DigitalOcean

connect-src Host

Google Search

https://www.google.com

connect-src Host —

https://www.google.co.in

connect-src Host

Google Conversion Tracking

https://www.googleadservices.com

connect-src Host

Google Analytics

https://www.google-analytics.com

connect-src Host

Google Analytics

https://analytics.google.com

connect-src Host

Google DoubleClick

https://googleads.g.doubleclick.net

connect-src Host

Google DoubleClick

https://stats.g.doubleclick.net

connect-src Host

HubSpot

https://static.hsappstatic.net

ASN | Cloudflare

connect-src Host —

https://capture-api-us.ortto.app

connect-src Host

Hotjar

https://metrics.hotjar.io

connect-src Host

Hotjar

https://*.hotjar.com

connect-src Host

Hotjar

https://*.hotjar.io

connect-src Host

Hotjar

wss://ws.hotjar.com

connect-src Host

HubSpot

https://*.hubspot.com

ASN | Cloudflare

connect-src Host

Facebook

https://*.facebook.com

connect-src Host

Crisp

https://*.crisp.chat

ASN | Cloudflare

connect-src Host

Crisp

https://storage.crisp.chat

ASN | Cloudflare

connect-src Host

LinkedIn

https://*.linkedin.com

ASN | Microsoft

connect-src Host —

https://*.useitem.io

connect-src Host

Klenty

https://plugin.klenty.com

ASN | Cloudflare

connect-src Host

HubSpot Forms

https://forms.hscollectedforms.net

ASN | Cloudflare

connect-src Host

HubSpot

https://api.hubapi.com

ASN | Cloudflare

connect-src Host —

https://cms.app.fleetit.com

ASN | Google Cloud

connect-src Host —

https://fleetit.com

ASN | Google Cloud

connect-src Host —

https://app.fleetit.com

ASN | Google Cloud

frame-src Keyword —

'self'

frame-src Host

Google Search

https://www.google.com

frame-src Host —

https://www.google.co.in

frame-src Host

Google Tag Manager

https://www.googletagmanager.com

frame-src Host

Facebook

https://www.facebook.com

frame-src Host

YouTube

https://www.youtube.com

frame-src Host

YouTube

https://www.youtube-nocookie.com

frame-ancestors Keyword —

'none'

base-uri Keyword —

'self'

form-action Keyword —

'self'

form-action Host

Facebook

https://www.facebook.com

Content-Security-Policy-Report-Only

No report-only CSP headers found.