Content-Security-Policy Analysis for https://ghost.snap.com

Open Cached · just now

12 directives

Content-Security-Policy

Content-Security-Policy: base-uri 'self';object-src 'self';default-src 'self';frame-src 'self' https://www.youtube.com https://player.vimeo.com https://td.doubleclick.net https://docs.google.com https://form.asana.com;media-src 'self' https://storage.googleapis.com;block-all-mixed-content;style-src 'self' 'unsafe-inline' blob: https://*.sc-cdn.net https://storage.googleapis.com https://fonts.googleapis.com https://web-platform.snap.com https://ka-p.fontawesome.com https://form.asana.com;img-src 'self' https://www.google-analytics.com https://storage.googleapis.com https://www.snapchat.com data: https://storage.cloud.google.com https://images.ctfassets.net https://cf-st.sc-cdn.net https://lens-preview-storage.storage.googleapis.com https://img.youtube.com https://i.vimeocdn.com;script-src 'self' 'unsafe-inline' https://esm.sh https://snap.licdn.com https://tagmanager.google.com https://www.googletagmanager.com https://www.google-analytics.com https://www.youtube.com https://static.ads-twitter.com https://www.googleadservices.com https://kit.fontawesome.com;connect-src 'self' data: https://gcp.api.snapchat.com https://staging-gcp.api.snapchat https://sentry.sc-prod.net https://www.snap.com https://www.snapchat.com https://www.google-analytics.com https://analytics.google.com https://*.supabase.co https://*.snapcloud.dev wss://*.supabase.co wss://*.snapcloud.dev https://devsnapchat.appspot.com https://kzxzz1h3kt-dsn.algolia.net https://graphql.contentful.com https://cdn.contentful.com https://api.airtable.com https://camera-kit-api.snapar.com https://ka-p.fontawesome.com https://stats.g.doubleclick.net https://app.posthog.com;font-src 'self' https://*.sc-cdn.net https://storage.googleapis.com/snap-design-system/ https://fonts.gstatic.com https://web-platform.snap.com https://kit.fontawesome.com https://ka-p.fontawesome.com;report-uri https://csp-central.appspot.com/report_csp

base-uri Keyword —

'self'

object-src Keyword —

'self'

default-src Keyword —

'self'

frame-src Keyword —

'self'

frame-src Host

YouTube

https://www.youtube.com

frame-src Host

Vimeo

https://player.vimeo.com

ASN | Cloudflare

frame-src Host

Google DoubleClick

https://td.doubleclick.net

frame-src Host

G Workspace

https://docs.google.com

frame-src Host

Asana

https://form.asana.com

media-src Keyword —

'self'

media-src Host

Google Cloud Storage

https://storage.googleapis.com

block-all-mixed-content Source —

(no sources)

style-src Keyword —

'self'

style-src Keyword —

'unsafe-inline'

style-src Scheme —

blob:

style-src Host —

https://*.sc-cdn.net

style-src Host

Google Cloud Storage

https://storage.googleapis.com

style-src Host

Google Fonts

https://fonts.googleapis.com

style-src Host —

https://web-platform.snap.com

ASN | Google Cloud

style-src Host

Font Awesome

https://ka-p.fontawesome.com

ASN | Cloudflare

style-src Host

Asana

https://form.asana.com

img-src Keyword —

'self'

img-src Host

Google Analytics

https://www.google-analytics.com

img-src Host

Google Cloud Storage

https://storage.googleapis.com

img-src Host

Snapchat

https://www.snapchat.com

ASN | Google Cloud

img-src Scheme —

data:

img-src Host —

https://storage.cloud.google.com

img-src Host

Contentful

https://images.ctfassets.net

img-src Host —

https://cf-st.sc-cdn.net

img-src Host

Google Cloud Storage

https://lens-preview-storage.storage.googleapis.com

img-src Host

YouTube

https://img.youtube.com

img-src Host

Vimeo

https://i.vimeocdn.com

script-src Keyword —

'self'

script-src Keyword —

'unsafe-inline'

script-src Host

esm.sh

https://esm.sh

ASN | Cloudflare

script-src Host

LinkedIn

https://snap.licdn.com

script-src Host

Google Tag Manager

https://tagmanager.google.com

script-src Host

Google Tag Manager

https://www.googletagmanager.com

script-src Host

Google Analytics

https://www.google-analytics.com

script-src Host

YouTube

https://www.youtube.com

script-src Host

Twitter

https://static.ads-twitter.com

script-src Host

Google Conversion Tracking

https://www.googleadservices.com

script-src Host

Font Awesome

https://kit.fontawesome.com

ASN | Cloudflare

connect-src Keyword —

'self'

connect-src Scheme —

data:

connect-src Host

Snapchat

https://gcp.api.snapchat.com

ASN | Google Cloud

connect-src Host —

https://staging-gcp.api.snapchat

connect-src Host —

https://sentry.sc-prod.net

ASN | Google Cloud

connect-src Host —

https://www.snap.com

ASN | Google Cloud

connect-src Host

Snapchat

https://www.snapchat.com

ASN | Google Cloud

connect-src Host

Google Analytics

https://www.google-analytics.com

connect-src Host

Google Analytics

https://analytics.google.com

connect-src Host

Supabase

https://*.supabase.co

connect-src Host —

https://*.snapcloud.dev

connect-src Host

Supabase

wss://*.supabase.co

connect-src Host —

wss://*.snapcloud.dev

connect-src Host —

https://devsnapchat.appspot.com

connect-src Host

Algolia

https://kzxzz1h3kt-dsn.algolia.net

connect-src Host

Contentful

https://graphql.contentful.com

connect-src Host

Contentful

https://cdn.contentful.com

connect-src Host

Airtable

https://api.airtable.com

connect-src Host —

https://camera-kit-api.snapar.com

ASN | Google Cloud

connect-src Host

Font Awesome

https://ka-p.fontawesome.com

ASN | Cloudflare

connect-src Host

Google DoubleClick

https://stats.g.doubleclick.net

connect-src Host

PostHog

https://app.posthog.com

ASN | Cloudflare

font-src Keyword —

'self'

font-src Host —

https://*.sc-cdn.net

font-src Host

Google Cloud Storage

https://storage.googleapis.com/snap-design-system/

font-src Host

Google Fonts

https://fonts.gstatic.com

font-src Host —

https://web-platform.snap.com

ASN | Google Cloud

font-src Host

Font Awesome

https://kit.fontawesome.com

ASN | Cloudflare

font-src Host

Font Awesome

https://ka-p.fontawesome.com

ASN | Cloudflare

report-uri Host —

https://csp-central.appspot.com/report_csp

Content-Security-Policy-Report-Only

No report-only CSP headers found.