Content-Security-Policy Analysis for https://pros.com

Open Cached · just now

10 directives

Content-Security-Policy

Content-Security-Policy: default-src https: https://*.wistia.com https://*.wistia.net wss://ufa.uberflip.com https://*.marketo.com https://*.marketo.net; img-src * data:; font-src * data:; media-src 'self' blob: data: *.wistia.com *.wistia.net embedwistia-a.akamaihd.net *.pcdn.co; worker-src 'self' blob:; child-src 'self' blob: cdn.lottielab.com cdnapisec.kaltura.com *.adoberesources.net *.metadata.io *.wistia.com *.wistia.net *.marketo.com *.marketo.net youtube.com www.youtube.com s7.addthis.com *.transistor.fm *.google.com *.pros.com www.iorad.com connect.facebook.net 4x8oo3.axshare.com s.company-target.com *.googletagmanager.com info.conga.com; script-src 'self' 'unsafe-eval' connect.facebook.net *.googletagmanager.com *.adoberesources.net *.metadata.io *.demandbase.com *.google-analytics.com *.cookielaw.org *.licdn.com *.crazyegg.com *.cloudfront.net *.onetrust.com *.marketo.com g2.com *.g2.com *.marketo.net *.leadspace.com *.wistia.com *.wistia.net cdnjs.cloudflare.com cdn.jsdelivr.net scout-cdn.salesloft.com content.cdntwrk.com *.addthis.com *.uberflip.com *.addthisedge.com z.moatads.com ml314.com *.ml314.com *.googleoptimize.com *.google.com ajax.googleapis.com *.pros.com uberflip.cdntwrk.com *.pcdn.co code.createjs.com *.sprinklr.com analytics.funnelfuel.io yoast.com abm-tracking.demandscience.com tracking.contanuity.com www.youtube.com tracking.g2crowd.com www.redditstatic.com googleads.g.doubleclick.net api.teknkl.com info.conga.com www.gstatic.com 'unsafe-inline'; style-src 'self' 'unsafe-inline' cdn.jsdelivr.net fonts.googleapis.com content.cdntwrk.com cihost.uberflip.com maxcdn.bootstrapcdn.com use.fontawesome.com pros.com hello.myfonts.net *.uberflip.com *.google.com app-abj.marketo.com *.marketo.com *.marketo.net *.pros.com *.pcdn.co *.sprinklr.com rlcdn.com *.crazyegg.com cdnjs.cloudflare.com use.typekit.net *.typekit.net info.conga.com; sandbox allow-scripts allow-same-origin allow-forms allow-popups allow-downloads allow-modals allow-popups-to-escape-sandbox; connect-src 'self' https: wss://ufa.uberflip.com wss://project-hummingbird-hummingbird-websocket-nodejs-de-112831.cloud.adobe.io;

default-src Scheme —

https:

default-src Host

Wistia

https://*.wistia.com

default-src Host

Wistia

https://*.wistia.net

default-src Host

Uberflip

wss://ufa.uberflip.com

default-src Host

Adobe Marketo

https://*.marketo.com

ASN | Cloudflare

default-src Host

Adobe Marketo

https://*.marketo.net

img-src Host —

*

img-src Scheme —

data:

font-src Host —

*

font-src Scheme —

data:

media-src Keyword —

'self'

media-src Scheme —

blob:

media-src Scheme —

data:

media-src Host

Wistia

*.wistia.com

media-src Host

Wistia

*.wistia.net

media-src Host

Akamai

embedwistia-a.akamaihd.net

media-src Host —

*.pcdn.co

worker-src Keyword —

'self'

worker-src Scheme —

blob:

child-src Keyword —

'self'

child-src Scheme —

blob:

child-src Host —

cdn.lottielab.com

ASN | Cloudflare

child-src Host

Kaltura

cdnapisec.kaltura.com

child-src Host —

*.adoberesources.net

child-src Host

Metadata.io

*.metadata.io

ASN | Cloudflare

child-src Host

Wistia

*.wistia.com

child-src Host

Wistia

*.wistia.net

child-src Host

Adobe Marketo

*.marketo.com

ASN | Cloudflare

child-src Host

Adobe Marketo

*.marketo.net

child-src Host

YouTube

youtube.com

child-src Host

YouTube

www.youtube.com

child-src Host —

s7.addthis.com

child-src Host —

*.transistor.fm

child-src Host

Google Search

*.google.com

child-src Host —

*.pros.com

child-src Host —

www.iorad.com

ASN | DigitalOcean

child-src Host

Facebook

connect.facebook.net

child-src Host —

4x8oo3.axshare.com

child-src Host —

s.company-target.com

ASN | Google Cloud

child-src Host

Google Tag Manager

*.googletagmanager.com

child-src Host —

info.conga.com

ASN | Cloudflare

script-src Keyword —

'self'

script-src Keyword —

'unsafe-eval'

script-src Host

Facebook

connect.facebook.net

script-src Host

Google Tag Manager

*.googletagmanager.com

script-src Host —

*.adoberesources.net

script-src Host

Metadata.io

*.metadata.io

ASN | Cloudflare

script-src Host

Demandbase

*.demandbase.com

ASN | Cloudflare

script-src Host

Google Analytics

*.google-analytics.com

script-src Host

OneTrust

*.cookielaw.org

ASN | Cloudflare

script-src Host

LinkedIn

*.licdn.com

script-src Host

Crazy Egg

*.crazyegg.com

script-src Host

AWS CloudFront

*.cloudfront.net

script-src Host

OneTrust

*.onetrust.com

ASN | Cloudflare

script-src Host

Adobe Marketo

*.marketo.com

ASN | Cloudflare

script-src Host

G2

g2.com

ASN | Cloudflare

script-src Host

G2

*.g2.com

ASN | Cloudflare

script-src Host

Adobe Marketo

*.marketo.net

script-src Host —

*.leadspace.com

script-src Host

Wistia

*.wistia.com

script-src Host

Wistia

*.wistia.net

script-src Host

Cloudflare CDNJS

cdnjs.cloudflare.com

ASN | Cloudflare

script-src Host

jsDelivr

cdn.jsdelivr.net

ASN | Cloudflare

script-src Host

SalesLoft

scout-cdn.salesloft.com

ASN | Cloudflare

script-src Host —

content.cdntwrk.com

script-src Host —

*.addthis.com

script-src Host

Uberflip

*.uberflip.com

ASN | Google Cloud

script-src Host —

*.addthisedge.com

script-src Host —

z.moatads.com

script-src Host —

ml314.com

ASN | Google Cloud

script-src Host —

*.ml314.com

ASN | Google Cloud

script-src Host

Google Optimize

*.googleoptimize.com

script-src Host

Google Search

*.google.com

script-src Host

Google Hosted Libraries

ajax.googleapis.com

script-src Host —

*.pros.com

script-src Host —

uberflip.cdntwrk.com

script-src Host —

*.pcdn.co

script-src Host —

code.createjs.com

script-src Host

Sprinklr

*.sprinklr.com

script-src Host

FunnelFuel

analytics.funnelfuel.io

script-src Host

Yoast

yoast.com

ASN | Cloudflare

script-src Host —

abm-tracking.demandscience.com

script-src Host —

tracking.contanuity.com

script-src Host

YouTube

www.youtube.com

script-src Host

G2

tracking.g2crowd.com

ASN | Cloudflare

script-src Host

Reddit

www.redditstatic.com

script-src Host

Google DoubleClick

googleads.g.doubleclick.net

script-src Host —

api.teknkl.com

script-src Host —

info.conga.com

ASN | Cloudflare

script-src Host

Google Static File Front End

www.gstatic.com

script-src Keyword —

'unsafe-inline'

style-src Keyword —

'self'

style-src Keyword —

'unsafe-inline'

style-src Host

jsDelivr

cdn.jsdelivr.net

ASN | Cloudflare

style-src Host

Google Fonts

fonts.googleapis.com

style-src Host —

content.cdntwrk.com

style-src Host

Uberflip

cihost.uberflip.com

style-src Host

BootstrapCDN

maxcdn.bootstrapcdn.com

ASN | Cloudflare

style-src Host

Font Awesome

use.fontawesome.com

ASN | Cloudflare

style-src Host —

pros.com

style-src Host

MyFonts

hello.myfonts.net

ASN | Cloudflare

style-src Host

Uberflip

*.uberflip.com

ASN | Google Cloud

style-src Host

Google Search

*.google.com

style-src Host

Adobe Marketo

app-abj.marketo.com

ASN | Cloudflare

style-src Host

Adobe Marketo

*.marketo.com

ASN | Cloudflare

style-src Host

Adobe Marketo

*.marketo.net

style-src Host —

*.pros.com

style-src Host —

*.pcdn.co

style-src Host

Sprinklr

*.sprinklr.com

style-src Host

Liveramp

rlcdn.com

style-src Host

Crazy Egg

*.crazyegg.com

style-src Host

Cloudflare CDNJS

cdnjs.cloudflare.com

ASN | Cloudflare

style-src Host

Adobe Fonts (Typekit)

use.typekit.net

style-src Host

Adobe Fonts (Typekit)

*.typekit.net

style-src Host —

info.conga.com

ASN | Cloudflare

sandbox Keyword —

allow-scripts

sandbox Keyword —

allow-same-origin

sandbox Keyword —

allow-forms

sandbox Keyword —

allow-popups

sandbox Keyword —

allow-downloads

sandbox Keyword —

allow-modals

sandbox Keyword —

allow-popups-to-escape-sandbox

connect-src Keyword —

'self'

connect-src Scheme —

https:

connect-src Host

Uberflip

wss://ufa.uberflip.com

connect-src Host —

wss://project-hummingbird-hummingbird-websocket-nodejs-de-112831.cloud.adobe.io

ASN | Microsoft

Content-Security-Policy-Report-Only

No report-only CSP headers found.