Content-Security-Policy Analysis for https://getunblocked.com

Open Cached · just now

10 directives

Content-Security-Policy

Content-Security-Policy: default-src 'self' https://*.clarity.ms https://c.bing.com https://*.liadm.com; img-src blob: data: https: https://www.googletagmanager.com https://googleads.g.doubleclick.net https://www.google.com https://pagead2.googlesyndication.com https://www.googleadservices.com https://google.com; media-src https: data:; style-src 'unsafe-inline' https:; script-src 'nonce-loXT4NFM1k0JQ2fF2SgSaw==' 'self' https://*.youtube.com https://s.ytimg.com https://*.googletagmanager.com https://*.intercom.io https://*.intercomcdn.com https://*.licdn.com https://*.redditstatic.com https://js.stripe.com https://*.js.stripe.com https://*.googleapis.com https://cdn.jsdelivr.net https://assets.calendly.com https://ddwl4m2hdecbv.cloudfront.net/b/ https://b-code.liadm.com/lc2.js https://rp.liadm.com https://idx.liadm.com https://www.googleadservices.com https://www.google.com https://pagead2.googlesyndication.com https://googleads.g.doubleclick.net; worker-src 'self' blob:; child-src 'self' blob:; frame-src https://*.youtube.com https://*.youtube-nocookie.com https://*.js.stripe.com https://js.stripe.com https://hooks.stripe.com https://app.vidzflow.com https://calendly.com https://www.googletagmanager.com https://server-side-tagging-utgfdtapza-uc.a.run.app; connect-src 'self' https://user-assets-prod-us-west-2.s3.us-west-2.amazonaws.com https://*.google-analytics.com https://*.intercom.io https://*.intercomcdn.com https://*.sentry.io wss://*.intercom.io https://user-image-assets-prod-us-west-2.s3.us-west-2.amazonaws.com https://*.licdn.com https://*.ads.linkedin.com https://ads.reddit.com https://*.redditstatic.com https://pixel-config.reddit.com https://maps.googleapis.com https://api.stripe.com https://use.typekit.net https://pro.ip-api.com https://alocdn.com/c/vn3d8u2u/a/xtarget/p.json https://*.liadm.com https://9xgnrndqve.execute-api.us-west-2.amazonaws.com https://a.usbrowserspeed.com https://server-side-tagging-utgfdtapza-uc.a.run.app https://www.google.com/ccm/collect https://t.co https://analytics.twitter.com https://pagead2.googlesyndication.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://google.com; font-src 'self' data: *

default-src Keyword —

'self'

default-src Host

Microsoft Clarity

https://*.clarity.ms

ASN | Microsoft

default-src Host

Bing

https://c.bing.com

ASN | Microsoft

default-src Host —

https://*.liadm.com

img-src Scheme —

blob:

img-src Scheme —

data:

img-src Scheme —

https:

img-src Host

Google Tag Manager

https://www.googletagmanager.com

img-src Host

Google DoubleClick

https://googleads.g.doubleclick.net

img-src Host

Google Search

https://www.google.com

img-src Host

Google AdSense

https://pagead2.googlesyndication.com

img-src Host

Google Conversion Tracking

https://www.googleadservices.com

img-src Host

Google Search

https://google.com

media-src Scheme —

https:

media-src Scheme —

data:

style-src Keyword —

'unsafe-inline'

style-src Scheme —

https:

script-src Nonce —

'nonce-loXT4NFM1k0JQ2fF2SgSaw=='

script-src Keyword —

'self'

script-src Host

YouTube

https://*.youtube.com

script-src Host

YouTube

https://s.ytimg.com

script-src Host

Google Tag Manager

https://*.googletagmanager.com

script-src Host

Intercom

https://*.intercom.io

script-src Host

Intercom

https://*.intercomcdn.com

script-src Host

LinkedIn

https://*.licdn.com

script-src Host

Reddit

https://*.redditstatic.com

script-src Host

Stripe

https://js.stripe.com

script-src Host

Stripe

https://*.js.stripe.com

script-src Host

Google API JS Client

https://*.googleapis.com

script-src Host

jsDelivr

https://cdn.jsdelivr.net

script-src Host

Calendly

https://assets.calendly.com

ASN | Cloudflare

script-src Host

AWS CloudFront

https://ddwl4m2hdecbv.cloudfront.net/b/

script-src Host —

https://b-code.liadm.com/lc2.js

script-src Host —

https://rp.liadm.com

script-src Host —

https://idx.liadm.com

script-src Host

Google Conversion Tracking

https://www.googleadservices.com

script-src Host

Google Search

https://www.google.com

script-src Host

Google AdSense

https://pagead2.googlesyndication.com

script-src Host

Google DoubleClick

https://googleads.g.doubleclick.net

worker-src Keyword —

'self'

worker-src Scheme —

blob:

child-src Keyword —

'self'

child-src Scheme —

blob:

frame-src Host

YouTube

https://*.youtube.com

frame-src Host

YouTube

https://*.youtube-nocookie.com

frame-src Host

Stripe

https://*.js.stripe.com

frame-src Host

Stripe

https://js.stripe.com

frame-src Host

Stripe

https://hooks.stripe.com

frame-src Host —

https://app.vidzflow.com

ASN | Cloudflare

frame-src Host

Calendly

https://calendly.com

ASN | Cloudflare

frame-src Host

Google Tag Manager

https://www.googletagmanager.com

frame-src Host

Google Cloud Run

https://server-side-tagging-utgfdtapza-uc.a.run.app

ASN | Google Cloud

connect-src Keyword —

'self'

connect-src Host

AWS

https://user-assets-prod-us-west-2.s3.us-west-2.amazonaws.com

connect-src Host

Google Analytics

https://*.google-analytics.com

connect-src Host

Intercom

https://*.intercom.io

connect-src Host

Intercom

https://*.intercomcdn.com

connect-src Host

Sentry

https://*.sentry.io

ASN | Google Cloud

connect-src Host

Intercom

wss://*.intercom.io

connect-src Host

AWS

https://user-image-assets-prod-us-west-2.s3.us-west-2.amazonaws.com

connect-src Host

LinkedIn

https://*.licdn.com

connect-src Host

LinkedIn

https://*.ads.linkedin.com

connect-src Host

Reddit

https://ads.reddit.com

connect-src Host

Reddit

https://*.redditstatic.com

connect-src Host

Reddit

https://pixel-config.reddit.com

connect-src Host

Google Maps

https://maps.googleapis.com

connect-src Host

Stripe

https://api.stripe.com

connect-src Host

Adobe Fonts (Typekit)

https://use.typekit.net

connect-src Host

IP-API

https://pro.ip-api.com

ASN | AS-GLOBALTELEHOST - GTHost

connect-src Host —

https://alocdn.com/c/vn3d8u2u/a/xtarget/p.json

connect-src Host —

https://*.liadm.com

connect-src Host

AWS API Gateway

https://9xgnrndqve.execute-api.us-west-2.amazonaws.com

connect-src Host —

https://a.usbrowserspeed.com

connect-src Host

Google Cloud Run

https://server-side-tagging-utgfdtapza-uc.a.run.app

ASN | Google Cloud

connect-src Host

Google Conversion Tracking

https://www.google.com/ccm/collect

connect-src Host

Twitter

https://t.co

ASN | Cloudflare

connect-src Host

Twitter

https://analytics.twitter.com

ASN | Cloudflare

connect-src Host

Google AdSense

https://pagead2.googlesyndication.com

connect-src Host

Google Conversion Tracking

https://www.googleadservices.com

connect-src Host

Google DoubleClick

https://googleads.g.doubleclick.net

connect-src Host

Google Search

https://www.google.com

connect-src Host

Google Search

https://google.com

font-src Keyword —

'self'

font-src Scheme —

data:

font-src Host —

*

Content-Security-Policy-Report-Only

No report-only CSP headers found.