Content-Security-Policy Analysis for https://flywheel-dispatch-operator-bugfix.us1.fleet-dev.com

Open Cached · just now

10 directives

Content-Security-Policy

Content-Security-Policy: default-src 'self'; img-src * data: blob:; media-src *; frame-src 'self' https://*.twilio.com https://flex.twilio.com https://*.braintreegateway.com https://*.braintree-api.com https://assets.braintreegateway.com/ https://*.cardinalcommerce.com https://*.stripe.com https://*.wistia.com https://*.wistia.net https://*.googleapis.com https://*.gstatic.com https://accounts.google.com https://apis.google.com https://appleid.cdn-apple.com; font-src 'self' data: https://*.googleapis.com https://*.gstatic.com https://accounts.google.com https://apis.google.com https://*.stripe.com; style-src 'self' 'unsafe-inline' https://*.googleapis.com https://*.gstatic.com https://accounts.google.com https://apis.google.com https://*.stripe.com https://*.mapbox.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.googleapis.com https://*.gstatic.com https://accounts.google.com https://apis.google.com https://appleid.cdn-apple.com https://*.stripe.com https://*.mapbox.com https://*.cardinalcommerce.com https://*.wistia.com https://*.wistia.net https://proxy.csidetm.com; connect-src 'self' data: wss://preprod-svc-socket.us1.fleet-dev.com https://preprod-svc-socket.us1.fleet-dev.com https://preprod-tapi-bugfix.us1.fleet-dev.com https://*.mapbox.com https://*.wistia.com https://*.wistia.net https://*.braintreegateway.com https://*.braintree-api.com https://assets.braintreegateway.com/ https://*.googleapis.com https://*.gstatic.com https://accounts.google.com https://apis.google.com https://appleid.cdn-apple.com https://*.stripe.com https://*.cardinalcommerce.com https://*.twilio.com https://flex.twilio.com https://*.sentry.io https://*.amazonaws.com https://*.clearbit.com https://*.ipify.org https://proxy.csidetm.com https://preprod-svc-tas.us1.fleet-dev.com; worker-src 'self' blob:; object-src 'none'

default-src Keyword —

'self'

img-src Host —

*

img-src Scheme —

data:

img-src Scheme —

blob:

media-src Host —

*

frame-src Keyword —

'self'

frame-src Host —

https://*.twilio.com

frame-src Host —

https://flex.twilio.com

frame-src Host

Braintree

https://*.braintreegateway.com

frame-src Host

Braintree

https://*.braintree-api.com

frame-src Host

Braintree

https://assets.braintreegateway.com/

ASN | Cloudflare

frame-src Host —

https://*.cardinalcommerce.com

ASN | Cloudflare

frame-src Host

Stripe

https://*.stripe.com

frame-src Host

Wistia

https://*.wistia.com

frame-src Host

Wistia

https://*.wistia.net

frame-src Host

Google API JS Client

https://*.googleapis.com

frame-src Host

Google Static File Front End

https://*.gstatic.com

frame-src Host

Google Sign-In

https://accounts.google.com

frame-src Host

Google API JS Client

https://apis.google.com

frame-src Host

Apple ID

https://appleid.cdn-apple.com

font-src Keyword —

'self'

font-src Scheme —

data:

font-src Host

Google API JS Client

https://*.googleapis.com

font-src Host

Google Static File Front End

https://*.gstatic.com

font-src Host

Google Sign-In

https://accounts.google.com

font-src Host

Google API JS Client

https://apis.google.com

font-src Host

Stripe

https://*.stripe.com

style-src Keyword —

'self'

style-src Keyword —

'unsafe-inline'

style-src Host

Google API JS Client

https://*.googleapis.com

style-src Host

Google Static File Front End

https://*.gstatic.com

style-src Host

Google Sign-In

https://accounts.google.com

style-src Host

Google API JS Client

https://apis.google.com

style-src Host

Stripe

https://*.stripe.com

style-src Host

Mapbox

https://*.mapbox.com

script-src Keyword —

'self'

script-src Keyword —

'unsafe-inline'

script-src Keyword —

'unsafe-eval'

script-src Host

Google API JS Client

https://*.googleapis.com

script-src Host

Google Static File Front End

https://*.gstatic.com

script-src Host

Google Sign-In

https://accounts.google.com

script-src Host

Google API JS Client

https://apis.google.com

script-src Host

Apple ID

https://appleid.cdn-apple.com

script-src Host

Stripe

https://*.stripe.com

script-src Host

Mapbox

https://*.mapbox.com

script-src Host —

https://*.cardinalcommerce.com

ASN | Cloudflare

script-src Host

Wistia

https://*.wistia.com

script-src Host

Wistia

https://*.wistia.net

script-src Host —

https://proxy.csidetm.com

connect-src Keyword —

'self'

connect-src Scheme —

data:

connect-src Host —

wss://preprod-svc-socket.us1.fleet-dev.com

connect-src Host —

https://preprod-svc-socket.us1.fleet-dev.com

connect-src Host —

https://preprod-tapi-bugfix.us1.fleet-dev.com

connect-src Host

Mapbox

https://*.mapbox.com

connect-src Host

Wistia

https://*.wistia.com

connect-src Host

Wistia

https://*.wistia.net

connect-src Host

Braintree

https://*.braintreegateway.com

connect-src Host

Braintree

https://*.braintree-api.com

connect-src Host

Braintree

https://assets.braintreegateway.com/

ASN | Cloudflare

connect-src Host

Google API JS Client

https://*.googleapis.com

connect-src Host

Google Static File Front End

https://*.gstatic.com

connect-src Host

Google Sign-In

https://accounts.google.com

connect-src Host

Google API JS Client

https://apis.google.com

connect-src Host

Apple ID

https://appleid.cdn-apple.com

connect-src Host

Stripe

https://*.stripe.com

connect-src Host —

https://*.cardinalcommerce.com

ASN | Cloudflare

connect-src Host —

https://*.twilio.com

connect-src Host —

https://flex.twilio.com

connect-src Host

Sentry

https://*.sentry.io

ASN | Google Cloud

connect-src Host

AWS

https://*.amazonaws.com

connect-src Host

ClearBit

https://*.clearbit.com

connect-src Host

ipify

https://*.ipify.org

ASN | Cloudflare

connect-src Host —

https://proxy.csidetm.com

connect-src Host —

https://preprod-svc-tas.us1.fleet-dev.com

worker-src Keyword —

'self'

worker-src Scheme —

blob:

object-src Keyword —

'none'

Content-Security-Policy-Report-Only

No report-only CSP headers found.