Content-Security-Policy Analysis for https://internal.sierra.ai

Open Cached · just now

10 directives

Content-Security-Policy

Content-Security-Policy: base-uri 'self'; default-src d138j1c6jn4qpg.cloudfront.net sierracdn.com 'self'; script-src 'nonce-6f654886-7c64-4e17-8e21-d4590e4694b5' 'strict-dynamic' https: 'unsafe-inline'; img-src d138j1c6jn4qpg.cloudfront.net sierracdn.com 'self' https://sierra.chat https://sierra.chat blob: https://*.google-analytics.com https://*.googletagmanager.com data:; frame-src https://player.vimeo.com https://www.youtube.com https://*.sierra.ai https://sierra.chat https://*.clearme.com https://*.bark.co https://drinkag1.com https://lyrahealth.oktapreview.com https://rocketpro.tfaforms.net https://*.zendesk.com https://*.withpersona.com; style-src d138j1c6jn4qpg.cloudfront.net sierracdn.com 'self' 'unsafe-inline' https://sierra.chat https://fonts.googleapis.com; connect-src 'self' d138j1c6jn4qpg.cloudfront.net sierracdn.com https://sierra.chat https://sierra.chat https://api.sierra.chat https://api-staging.sierra.chat https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://rocketpro.tfaforms.net wss://api.internal.sierra.ai https://*.gstatic.com data: https://api.sierra.chat https://sierra-prod-knowledge-ephemeral.s3.amazonaws.com https://sierra-prod-knowledge-ephemeral.s3.us-west-2.amazonaws.com https://sierra-prod-knowledge-ephemeral-us-east-2.s3.us-east-2.amazonaws.com https://sierra-prod-knowledge-ephemeral-us-east-2.s3.amazonaws.com https://sierra-prod-knowledge-ephemeral-eu-central-1.s3.eu-central-1.amazonaws.com https://sierra-prod-knowledge-ephemeral-eu-central-1.s3.amazonaws.com https://sierra-prod-knowledge-ephemeral-eu-west-1.s3.eu-west-1.amazonaws.com https://sierra-prod-knowledge-ephemeral-eu-west-1.s3.amazonaws.com https://sierra-prod-knowledge-ephemeral-ap-southeast-1.s3.ap-southeast-1.amazonaws.com https://sierra-prod-knowledge-ephemeral-ap-southeast-1.s3.amazonaws.com https://sierra-prod-knowledge-ephemeral-ap-southeast-2.s3.ap-southeast-2.amazonaws.com https://sierra-prod-knowledge-ephemeral-ap-southeast-2.s3.amazonaws.com; font-src d138j1c6jn4qpg.cloudfront.net sierracdn.com 'self' https://sierra.chat https://fonts.gstatic.com data:; frame-ancestors https://*.sierra.ai https://sierra.chat https://*.clearme.com https://*.lyrahealth.com; media-src 'self' blob: d138j1c6jn4qpg.cloudfront.net sierracdn.com

base-uri Keyword —

'self'

default-src Host

AWS CloudFront

d138j1c6jn4qpg.cloudfront.net

default-src Host —

sierracdn.com

default-src Keyword —

'self'

script-src Nonce —

'nonce-6f654886-7c64-4e17-8e21-d4590e4694b5'

script-src Keyword —

'strict-dynamic'

script-src Scheme —

https:

script-src Keyword —

'unsafe-inline'

img-src Host

AWS CloudFront

d138j1c6jn4qpg.cloudfront.net

img-src Host —

sierracdn.com

img-src Keyword —

'self'

img-src Host

Sierra

https://sierra.chat

ASN | Cloudflare

img-src Host

Sierra

https://sierra.chat

ASN | Cloudflare

img-src Scheme —

blob:

img-src Host

Google Analytics

https://*.google-analytics.com

img-src Host

Google Tag Manager

https://*.googletagmanager.com

img-src Scheme —

data:

frame-src Host

Vimeo

https://player.vimeo.com

ASN | Cloudflare

frame-src Host

YouTube

https://www.youtube.com

frame-src Host —

https://*.sierra.ai

ASN | Cloudflare

frame-src Host

Sierra

https://sierra.chat

ASN | Cloudflare

frame-src Host —

https://*.clearme.com

ASN | Cloudflare

frame-src Host —

https://*.bark.co

ASN | Cloudflare

frame-src Host —

https://drinkag1.com

frame-src Host —

https://lyrahealth.oktapreview.com

frame-src Host —

https://rocketpro.tfaforms.net

frame-src Host

Zendesk

https://*.zendesk.com

ASN | Cloudflare

frame-src Host

Persona

https://*.withpersona.com

ASN | Cloudflare

style-src Host

AWS CloudFront

d138j1c6jn4qpg.cloudfront.net

style-src Host —

sierracdn.com

style-src Keyword —

'self'

style-src Keyword —

'unsafe-inline'

style-src Host

Sierra

https://sierra.chat

ASN | Cloudflare

style-src Host

Google Fonts

https://fonts.googleapis.com

connect-src Keyword —

'self'

connect-src Host

AWS CloudFront

d138j1c6jn4qpg.cloudfront.net

connect-src Host —

sierracdn.com

connect-src Host

Sierra

https://sierra.chat

ASN | Cloudflare

connect-src Host

Sierra

https://sierra.chat

ASN | Cloudflare

connect-src Host

Sierra

https://api.sierra.chat

ASN | Cloudflare

connect-src Host

Sierra

https://api-staging.sierra.chat

ASN | Cloudflare

connect-src Host

Google Analytics

https://*.google-analytics.com

connect-src Host

Google Analytics

https://*.analytics.google.com

connect-src Host

Google Tag Manager

https://*.googletagmanager.com

connect-src Host —

https://rocketpro.tfaforms.net

connect-src Host —

wss://api.internal.sierra.ai

connect-src Host

Google Static File Front End

https://*.gstatic.com

connect-src Scheme —

data:

connect-src Host

Sierra

https://api.sierra.chat

ASN | Cloudflare

connect-src Host

Amazon S3

https://sierra-prod-knowledge-ephemeral.s3.amazonaws.com

connect-src Host

AWS

https://sierra-prod-knowledge-ephemeral.s3.us-west-2.amazonaws.com

connect-src Host

AWS

https://sierra-prod-knowledge-ephemeral-us-east-2.s3.us-east-2.amazonaws.com

connect-src Host

Amazon S3

https://sierra-prod-knowledge-ephemeral-us-east-2.s3.amazonaws.com

connect-src Host

AWS

https://sierra-prod-knowledge-ephemeral-eu-central-1.s3.eu-central-1.amazonaws.com

connect-src Host

Amazon S3

https://sierra-prod-knowledge-ephemeral-eu-central-1.s3.amazonaws.com

connect-src Host

AWS

https://sierra-prod-knowledge-ephemeral-eu-west-1.s3.eu-west-1.amazonaws.com

connect-src Host

Amazon S3

https://sierra-prod-knowledge-ephemeral-eu-west-1.s3.amazonaws.com

connect-src Host

AWS

https://sierra-prod-knowledge-ephemeral-ap-southeast-1.s3.ap-southeast-1.amazonaws.com

connect-src Host

Amazon S3

https://sierra-prod-knowledge-ephemeral-ap-southeast-1.s3.amazonaws.com

connect-src Host

AWS

https://sierra-prod-knowledge-ephemeral-ap-southeast-2.s3.ap-southeast-2.amazonaws.com

connect-src Host

Amazon S3

https://sierra-prod-knowledge-ephemeral-ap-southeast-2.s3.amazonaws.com

font-src Host

AWS CloudFront

d138j1c6jn4qpg.cloudfront.net

font-src Host —

sierracdn.com

font-src Keyword —

'self'

font-src Host

Sierra

https://sierra.chat

ASN | Cloudflare

font-src Host

Google Fonts

https://fonts.gstatic.com

font-src Scheme —

data:

frame-ancestors Host —

https://*.sierra.ai

ASN | Cloudflare

frame-ancestors Host

Sierra

https://sierra.chat

ASN | Cloudflare

frame-ancestors Host —

https://*.clearme.com

ASN | Cloudflare

frame-ancestors Host —

https://*.lyrahealth.com

ASN | Cloudflare

media-src Keyword —

'self'

media-src Scheme —

blob:

media-src Host

AWS CloudFront

d138j1c6jn4qpg.cloudfront.net

media-src Host —

sierracdn.com

Content-Security-Policy-Report-Only

No report-only CSP headers found.