Content-Security-Policy Analysis for https://my.moveworks.com

Open Cached · just now

10 directives

Content-Security-Policy

Content-Security-Policy: default-src 'self'; font-src 'self' data: fonts.gstatic.com; img-src 'self' data: blob: https://*.cloudinary.com https://www.google-analytics.com https://www.googletagmanager.com https://*.service-now.com https://*.moveworks.io https://*.moveworks.com https://*.walkme.com https://s3.walkmeusercontent.com https://*.pendo.io https://pendo-io-static.storage.googleapis.com https://pendo-static-5947957712322560.storage.googleapis.com https://*.bizible.com https://cdn.bizibly.com https://*.slack-edge.com https://*.amazonaws.com; object-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.zdassets.com https://www.google-analytics.com https://www.googletagmanager.com https://www.gstatic.com https://*.moveworks.com https://*.moveworks.ai https://*.moveworks.io https://*.walkme.com https://*.pendo.io https://pendo-io-static.storage.googleapis.com https://pendo-static-5947957712322560.storage.googleapis.com https://*.fullstory.com https://*.bizible.com https://*.marketo.net https://browser-intake-datadoghq.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com https://www.gstatic.com https://*.walkme.com https://*.pendo.io https://pendo-io-static.storage.googleapis.com https://pendo-static-5947957712322560.storage.googleapis.com https://*.moveworks.com; connect-src 'self' wss: https://*.moveworks.com https://*.moveworks.io https://*.moveworks.ai https://*.okta.com https://*.zdassets.com https://*.zendesk.com https://www.google-analytics.com https://www.googletagmanager.com https://*.walkme.com https://s3.walkmeusercontent.com https://*.pendo.io https://pendo-io-static.storage.googleapis.com https://pendo-static-5947957712322560.storage.googleapis.com https://*.fullstory.com https://*.bizible.com https://*.marketo.net https://*.mktoresp.com https://browser-intake-datadoghq.com ws:; frame-src https://*.okta.com https://*.moveworks.com https://*.moveworks.ai https://*.moveworks.io https://*.walkme.com https://*.pendo.io https://drive.google.com https://s3.walkmeusercontent.com https://www.loom.com https://*.zscaler.net https://*.zscalerone.net https://*.zscalertwo.net https://*.zscalerthree.net https://*.zscloud.net; frame-ancestors 'self' https://*.microsoft.com https://*.microsoft.us https://teams.microsoft.com.rproxy.goskope.com https://*.cloud.microsoft chrome-extension://*; worker-src 'self' blob: https://browser-intake-datadoghq.com

default-src Keyword —

'self'

font-src Keyword —

'self'

font-src Scheme —

data:

font-src Host

Google Fonts

fonts.gstatic.com

img-src Keyword —

'self'

img-src Scheme —

data:

img-src Scheme —

blob:

img-src Host

Cloudinary

https://*.cloudinary.com

ASN | Cloudflare

img-src Host

Google Analytics

https://www.google-analytics.com

img-src Host

Google Tag Manager

https://www.googletagmanager.com

img-src Host

ServiceNow

https://*.service-now.com

ASN | SNC - SERVICENOW

img-src Host —

https://*.moveworks.io

img-src Host —

https://*.moveworks.com

img-src Host —

https://*.walkme.com

ASN | Automattic

img-src Host —

https://s3.walkmeusercontent.com

img-src Host

Pendo

https://*.pendo.io

ASN | Google Cloud

img-src Host

Google Cloud Storage

https://pendo-io-static.storage.googleapis.com

img-src Host

Google Cloud Storage

https://pendo-static-5947957712322560.storage.googleapis.com

img-src Host

Adobe Marketo

https://*.bizible.com

ASN | Cloudflare

img-src Host —

https://cdn.bizibly.com

img-src Host

Slack

https://*.slack-edge.com

img-src Host

AWS

https://*.amazonaws.com

object-src Keyword —

'self'

script-src Keyword —

'self'

script-src Keyword —

'unsafe-inline'

script-src Keyword —

'unsafe-eval'

script-src Host —

https://*.zdassets.com

script-src Host

Google Analytics

https://www.google-analytics.com

script-src Host

Google Tag Manager

https://www.googletagmanager.com

script-src Host

Google Static File Front End

https://www.gstatic.com

script-src Host —

https://*.moveworks.com

script-src Host —

https://*.moveworks.ai

script-src Host —

https://*.moveworks.io

script-src Host —

https://*.walkme.com

ASN | Automattic

script-src Host

Pendo

https://*.pendo.io

ASN | Google Cloud

script-src Host

Google Cloud Storage

https://pendo-io-static.storage.googleapis.com

script-src Host

Google Cloud Storage

https://pendo-static-5947957712322560.storage.googleapis.com

script-src Host

Fullstory

https://*.fullstory.com

script-src Host

Adobe Marketo

https://*.bizible.com

ASN | Cloudflare

script-src Host

Adobe Marketo

https://*.marketo.net

script-src Host

Datadog

https://browser-intake-datadoghq.com

style-src Keyword —

'self'

style-src Keyword —

'unsafe-inline'

style-src Host

Google Fonts

fonts.googleapis.com

style-src Host

Google Static File Front End

https://www.gstatic.com

style-src Host —

https://*.walkme.com

ASN | Automattic

style-src Host

Pendo

https://*.pendo.io

ASN | Google Cloud

style-src Host

Google Cloud Storage

https://pendo-io-static.storage.googleapis.com

style-src Host

Google Cloud Storage

https://pendo-static-5947957712322560.storage.googleapis.com

style-src Host —

https://*.moveworks.com

connect-src Keyword —

'self'

connect-src Scheme —

wss:

connect-src Host —

https://*.moveworks.com

connect-src Host —

https://*.moveworks.io

connect-src Host —

https://*.moveworks.ai

connect-src Host

Okta

https://*.okta.com

connect-src Host —

https://*.zdassets.com

connect-src Host

Zendesk

https://*.zendesk.com

ASN | Cloudflare

connect-src Host

Google Analytics

https://www.google-analytics.com

connect-src Host

Google Tag Manager

https://www.googletagmanager.com

connect-src Host —

https://*.walkme.com

ASN | Automattic

connect-src Host —

https://s3.walkmeusercontent.com

connect-src Host

Pendo

https://*.pendo.io

ASN | Google Cloud

connect-src Host

Google Cloud Storage

https://pendo-io-static.storage.googleapis.com

connect-src Host

Google Cloud Storage

https://pendo-static-5947957712322560.storage.googleapis.com

connect-src Host

Fullstory

https://*.fullstory.com

connect-src Host

Adobe Marketo

https://*.bizible.com

ASN | Cloudflare

connect-src Host

Adobe Marketo

https://*.marketo.net

connect-src Host

Adobe Marketo

https://*.mktoresp.com

ASN | OMNITURE - Adobe Inc.

connect-src Host

Datadog

https://browser-intake-datadoghq.com

connect-src Scheme —

ws:

frame-src Host

Okta

https://*.okta.com

frame-src Host —

https://*.moveworks.com

frame-src Host —

https://*.moveworks.ai

frame-src Host —

https://*.moveworks.io

frame-src Host —

https://*.walkme.com

ASN | Automattic

frame-src Host

Pendo

https://*.pendo.io

ASN | Google Cloud

frame-src Host —

https://drive.google.com

frame-src Host —

https://s3.walkmeusercontent.com

frame-src Host

Loom

https://www.loom.com

frame-src Host

Zscaler

https://*.zscaler.net

frame-src Host

Zscaler

https://*.zscalerone.net

frame-src Host

Zscaler

https://*.zscalertwo.net

frame-src Host

Zscaler

https://*.zscalerthree.net

frame-src Host

Zscaler

https://*.zscloud.net

frame-ancestors Keyword —

'self'

frame-ancestors Host —

https://*.microsoft.com

ASN | Microsoft

frame-ancestors Host —

https://*.microsoft.us

frame-ancestors Host —

https://teams.microsoft.com.rproxy.goskope.com

ASN | NETSKOPE - Netskope Inc

frame-ancestors Host —

https://*.cloud.microsoft

ASN | Microsoft

frame-ancestors Host —

chrome-extension://*

worker-src Keyword —

'self'

worker-src Scheme —

blob:

worker-src Host

Datadog

https://browser-intake-datadoghq.com

Content-Security-Policy-Report-Only

No report-only CSP headers found.