Content-Security-Policy Analysis for https://pfm.com

Open Cached · just now

5 directives

Content-Security-Policy

Content-Security-Policy: default-src 'self'  *.munite.com *.microsoft.com *.google-analytics.com *.clickdimensions.com *.msecnd.net *.hotjar.com *.vimeo.com *.jquery.com *.ajax.googleapis.com *.googletagmanager.com *.cloudflare.com *.gstatic.com *.google.com *.cloudfront.net *.bootstrapcdn.com *.doubleclick.net *.hotjar.io *.aspnetcdn.com *.telerik.com *.pfm.com *.ipify.org blob: ;font-src 'self' data: fonts.gstatic.com;img-src 'self' data: blob: ; style-src 'self' 'unsafe-inline' *.munite.com *.google-analytics.com *.microsoft.com *.googleapis.com *.msecnd.net *.clickdimensions.com *.cloudfront.net *.jquery.com *.bootstrapcdn.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdnjs.cloudflare.com/ajax/libs/bootstrap-multiselect/0.9.13/css/bootstrap-multiselect.css https://www.google.com/recaptcha/api.js https://www.gstatic.com *.munite.com *.microsoft.com *.www.google-analytics.com *.clickdimensions.com *.hotjar.com *.msecnd.net *.vimeo.com *.jquery.com *.bootstrapcdn.com http://ajax.googleapis.com/ajax/libs/jquery/1.11.3/jquery.min.js https://www.googletagmanager.com/gtag/ https://cdnjs.cloudflare.com/ajax/libs/bootstrap-multiselect/0.9.13/js/bootstrap-multiselect.min.js?packageBootstrap4' *.www.google.com  *.d1f69o4buvlrj5.cloudfront.net *.googleads.g.doubleclick.net *.aspnetcdn.com *.hotjar.io *.telerik.com *.pfm.com https://www.google-analytics.com/analytics.js https://ajax.googleapis.com/ajax/libs/jquery/2.2.4/jquery.min.js https://cdnjs.cloudflare.com/ajax/libs/jquery.touchswipe/1.6.18/jquery.touchSwipe.min.js;

default-src Keyword —

'self'

default-src Host —

*.munite.com

default-src Host —

*.microsoft.com

ASN | Microsoft

default-src Host

Google Analytics

*.google-analytics.com

default-src Host —

*.clickdimensions.com

default-src Host

Microsoft Azure

*.msecnd.net

default-src Host

Hotjar

*.hotjar.com

default-src Host

Vimeo

*.vimeo.com

ASN | Cloudflare

default-src Host

jQuery

*.jquery.com

ASN | Cloudflare

default-src Host

Google Hosted Libraries

*.ajax.googleapis.com

default-src Host

Google Tag Manager

*.googletagmanager.com

default-src Host

Cloudflare CDN

*.cloudflare.com

ASN | Cloudflare

default-src Host

Google Static File Front End

*.gstatic.com

default-src Host

Google Search

*.google.com

default-src Host

AWS CloudFront

*.cloudfront.net

default-src Host

BootstrapCDN

*.bootstrapcdn.com

ASN | Cloudflare

default-src Host

Google DoubleClick

*.doubleclick.net

default-src Host

Hotjar

*.hotjar.io

default-src Host —

*.aspnetcdn.com

default-src Host —

*.telerik.com

ASN | Cloudflare

default-src Host —

*.pfm.com

ASN | Microsoft

default-src Host

ipify

*.ipify.org

ASN | Cloudflare

default-src Scheme —

blob:

font-src Keyword —

'self'

font-src Scheme —

data:

font-src Host

Google Fonts

fonts.gstatic.com

img-src Keyword —

'self'

img-src Scheme —

data:

img-src Scheme —

blob:

style-src Keyword —

'self'

style-src Keyword —

'unsafe-inline'

style-src Host —

*.munite.com

style-src Host

Google Analytics

*.google-analytics.com

style-src Host —

*.microsoft.com

ASN | Microsoft

style-src Host

Google API JS Client

*.googleapis.com

style-src Host

Microsoft Azure

*.msecnd.net

style-src Host —

*.clickdimensions.com

style-src Host

AWS CloudFront

*.cloudfront.net

style-src Host

jQuery

*.jquery.com

ASN | Cloudflare

style-src Host

BootstrapCDN

*.bootstrapcdn.com

ASN | Cloudflare

script-src Keyword —

'self'

script-src Keyword —

'unsafe-inline'

script-src Keyword —

'unsafe-eval'

script-src Host

Cloudflare CDNJS

https://cdnjs.cloudflare.com/ajax/libs/bootstrap-multiselect/0.9.13/css/bootstrap-multiselect.css

ASN | Cloudflare

script-src Host

Google reCAPTCHA

https://www.google.com/recaptcha/api.js

script-src Host

Google Static File Front End

https://www.gstatic.com

script-src Host —

*.munite.com

script-src Host —

*.microsoft.com

ASN | Microsoft

script-src Host

Google Analytics

*.www.google-analytics.com

script-src Host —

*.clickdimensions.com

script-src Host

Hotjar

*.hotjar.com

script-src Host

Microsoft Azure

*.msecnd.net

script-src Host

Vimeo

*.vimeo.com

ASN | Cloudflare

script-src Host

jQuery

*.jquery.com

ASN | Cloudflare

script-src Host

BootstrapCDN

*.bootstrapcdn.com

ASN | Cloudflare

script-src Host

Google Hosted Libraries

http://ajax.googleapis.com/ajax/libs/jquery/1.11.3/jquery.min.js

script-src Host

Google Tag Manager

https://www.googletagmanager.com/gtag/

script-src Host

Cloudflare CDNJS

https://cdnjs.cloudflare.com/ajax/libs/bootstrap-multiselect/0.9.13/js/bootstrap-multiselect.min.js?packageBootstrap4'

ASN | Cloudflare

script-src Host

Google Search

*.www.google.com

script-src Host

AWS CloudFront

*.d1f69o4buvlrj5.cloudfront.net

script-src Host

Google DoubleClick

*.googleads.g.doubleclick.net

script-src Host —

*.aspnetcdn.com

script-src Host

Hotjar

*.hotjar.io

script-src Host —

*.telerik.com

ASN | Cloudflare

script-src Host —

*.pfm.com

ASN | Microsoft

script-src Host

Google Analytics

https://www.google-analytics.com/analytics.js

script-src Host

Google Hosted Libraries

https://ajax.googleapis.com/ajax/libs/jquery/2.2.4/jquery.min.js

script-src Host

Cloudflare CDNJS

https://cdnjs.cloudflare.com/ajax/libs/jquery.touchswipe/1.6.18/jquery.touchSwipe.min.js

ASN | Cloudflare

Content-Security-Policy-Report-Only

No report-only CSP headers found.