Content-Security-Policy Analysis for https://hsnotify.hellospoke.com

Open Cached · just now

13 directives

Content-Security-Policy

Content-Security-Policy: 
    default-src 'self';
    base-uri 'self';
    object-src 'none';
    media-src 'self' https://*.amazonaws.com;
    frame-ancestors 'self' https://*.auth0.com;
    frame-src  https://*.auth0.com  https://app.pendo.io;
    img-src 'self' data: blob: https: https://*.amazonaws.com  https://cdn.pendo.io   https://app.pendo.io
              https://pendo-static-5643527523794944.storage.googleapis.com;
    font-src 'self' data: https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com  
	          https://netdna.bootstrapcdn.com  https://cdn.pendo.io;
    style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://netdna.bootstrapcdn.com 
	           https://maxcdn.bootstrapcdn.com  https://cdn.pendo.io
               https://pendo-static-5643527523794944.storage.googleapis.com https://app.pendo.io;
    script-src 'self' 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.mxpnl.com https://cdn.pendo.io 
	            https://*.pendo.io https://cdnjs.cloudflare.com
                https://www.googletagmanager.com https://static.zdassets.com https://apis.google.com https://cdn.jsdelivr.net/ https://unpkg.com
                https://static.hotjar.com https://script.hotjar.com https://www.google-analytics.com https://*.amazonaws.com https://cdn.mxpnl.com
                https://cdn.pendo.io https://*.pendo.io https://pendo-static-5643527523794944.storage.googleapis.com https://hellospoke.zendesk.com https://*.zendesk.com https://pod-19-sunco-ws.zendesk.com;
    connect-src 'self' https://*.hellospoke.com
                 https://api.mixpanel.com https://decide.mixpanel.com https://*.mixpanel.com
                 https://data.pendo.io https://*.pendo.io wss://*.pendo.io  
                 https://hellospoke.zendesk.com https://pod-19-sunco-ws.zendesk.com https://*.zendesk.com https://ekr.zdassets.com  https://www.google-analytics.com https://*.auth0.com
                 https://vc.hotjar.io https://*.hotjar.com https://*.hotjar.io https://*.hellospoke.com https://*.hellospoke.com:4242
                 wss://*.hellospoke.com:4242 wss://*.hellospoke.com https://*.amazonaws.com;
    worker-src 'self' blob:;
    upgrade-insecure-requests;

default-src Keyword —

'self'

base-uri Keyword —

'self'

object-src Keyword —

'none'

media-src Keyword —

'self'

media-src Host

AWS

https://*.amazonaws.com

frame-ancestors Keyword —

'self'

frame-ancestors Host

Auth0

https://*.auth0.com

ASN | Cloudflare

frame-src Host

Auth0

https://*.auth0.com

ASN | Cloudflare

frame-src Host

Pendo

https://app.pendo.io

ASN | Google Cloud

img-src Keyword —

'self'

img-src Scheme —

data:

img-src Scheme —

blob:

img-src Scheme —

https:

img-src Host

AWS

https://*.amazonaws.com

img-src Host

Pendo

https://cdn.pendo.io

ASN | Google Cloud

img-src Host

Pendo

https://app.pendo.io

ASN | Google Cloud

img-src Host

Google Cloud Storage

https://pendo-static-5643527523794944.storage.googleapis.com

font-src Keyword —

'self'

font-src Scheme —

data:

font-src Host

Google Fonts

https://fonts.gstatic.com

font-src Host

BootstrapCDN

https://maxcdn.bootstrapcdn.com

ASN | Cloudflare

font-src Host

BootstrapCDN

https://netdna.bootstrapcdn.com

ASN | Cloudflare

font-src Host

Pendo

https://cdn.pendo.io

ASN | Google Cloud

style-src Keyword —

'self'

style-src Keyword —

'unsafe-inline'

style-src Host

Google Fonts

https://fonts.googleapis.com

style-src Host

BootstrapCDN

https://netdna.bootstrapcdn.com

ASN | Cloudflare

style-src Host

BootstrapCDN

https://maxcdn.bootstrapcdn.com

ASN | Cloudflare

style-src Host

Pendo

https://cdn.pendo.io

ASN | Google Cloud

style-src Host

Google Cloud Storage

https://pendo-static-5643527523794944.storage.googleapis.com

style-src Host

Pendo

https://app.pendo.io

ASN | Google Cloud

script-src Keyword —

'self'

script-src Keyword —

'self'

script-src Keyword —

'unsafe-inline'

script-src Keyword —

'unsafe-eval'

script-src Host

Mixpanel

https://cdn.mxpnl.com

ASN | Google Cloud

script-src Host

Pendo

https://cdn.pendo.io

ASN | Google Cloud

script-src Host

Pendo

https://*.pendo.io

ASN | Google Cloud

script-src Host

Cloudflare CDNJS

https://cdnjs.cloudflare.com

ASN | Cloudflare

script-src Host

Google Tag Manager

https://www.googletagmanager.com

script-src Host

Zendesk

https://static.zdassets.com

ASN | Cloudflare

script-src Host

Google API JS Client

https://apis.google.com

script-src Host

jsDelivr

https://cdn.jsdelivr.net/

script-src Host

unpkg

https://unpkg.com

ASN | Cloudflare

script-src Host

Hotjar

https://static.hotjar.com

script-src Host

Hotjar

https://script.hotjar.com

script-src Host

Google Analytics

https://www.google-analytics.com

script-src Host

AWS

https://*.amazonaws.com

script-src Host

Mixpanel

https://cdn.mxpnl.com

ASN | Google Cloud

script-src Host

Pendo

https://cdn.pendo.io

ASN | Google Cloud

script-src Host

Pendo

https://*.pendo.io

ASN | Google Cloud

script-src Host

Google Cloud Storage

https://pendo-static-5643527523794944.storage.googleapis.com

script-src Host

Zendesk

https://hellospoke.zendesk.com

ASN | Cloudflare

script-src Host

Zendesk

https://*.zendesk.com

ASN | Cloudflare

script-src Host

Zendesk

https://pod-19-sunco-ws.zendesk.com

ASN | Cloudflare

connect-src Keyword —

'self'

connect-src Host —

https://*.hellospoke.com

ASN | DREAMHOST-AS - New Dream Network, LLC

connect-src Host

Mixpanel

https://api.mixpanel.com

ASN | Google Cloud

connect-src Host

Mixpanel

https://decide.mixpanel.com

ASN | Google Cloud

connect-src Host

Mixpanel

https://*.mixpanel.com

ASN | Google Cloud

connect-src Host

Pendo

https://data.pendo.io

ASN | Google Cloud

connect-src Host

Pendo

https://*.pendo.io

ASN | Google Cloud

connect-src Host

Pendo

wss://*.pendo.io

ASN | Google Cloud

connect-src Host

Zendesk

https://hellospoke.zendesk.com

ASN | Cloudflare

connect-src Host

Zendesk

https://pod-19-sunco-ws.zendesk.com

ASN | Cloudflare

connect-src Host

Zendesk

https://*.zendesk.com

ASN | Cloudflare

connect-src Host —

https://ekr.zdassets.com

ASN | Cloudflare

connect-src Host

Google Analytics

https://www.google-analytics.com

connect-src Host

Auth0

https://*.auth0.com

ASN | Cloudflare

connect-src Host

Hotjar

https://vc.hotjar.io

connect-src Host

Hotjar

https://*.hotjar.com

connect-src Host

Hotjar

https://*.hotjar.io

connect-src Host —

https://*.hellospoke.com

ASN | DREAMHOST-AS - New Dream Network, LLC

connect-src Host —

https://*.hellospoke.com:4242

ASN | DREAMHOST-AS - New Dream Network, LLC

connect-src Host —

wss://*.hellospoke.com:4242

ASN | DREAMHOST-AS - New Dream Network, LLC

connect-src Host —

wss://*.hellospoke.com

ASN | DREAMHOST-AS - New Dream Network, LLC

connect-src Host

AWS

https://*.amazonaws.com

worker-src Keyword —

'self'

worker-src Scheme —

blob:

upgrade-insecure-requests Source —

(no sources)

Content-Security-Policy-Report-Only

No report-only CSP headers found.