Content-Security-Policy Analysis for https://roadmap.codacy.com

Open Cached · just now

13 directives

Content-Security-Policy

Content-Security-Policy: default-src 'self'; base-uri optimize.google.com; child-src *.stripe.com *.wistia.com *.wistia.net *.doubleclick.net *.productboard.com *.marketo.com optimize.google.com *.hotjar.com *.figma.com *.loom.com miro.com *.mural.co *.youtube.com *.google.com; connect-src 'self' cdn.productboard.com nucleus.productboard.net *.productboard.info *.pusher.com wss://*.pusher.com wss://ws.pusherapp.com:443 wss://ws.pusherapp.com ana-api.productboard.com *.segment.io *.segment.com nexus-websocket-a.intercom.io nexus-websocket-b.intercom.io wss://nexus-websocket-a.intercom.io wss://nexus-websocket-b.intercom.io nexus-long-poller-a.intercom.io nexus-long-poller-b.intercom.io api-iam.intercom.io *.intercomcdn.com api.sprig.com *.typekit.net api.mixpanel.com *.fullstory.com fullstory.com *.wistia.com *.facebook.com api.trello.com embedwistia-a.akamaihd.net heapanalytics.com *.googlesyndication.com *.google.com www.google-analytics.com *.litix.io *.clearbit.com *.mktoresp.com *.launchdarkly.com *.hotjar.com wss://*.hotjar.com *.ingest.sentry.io *.datadoghq.com *.browser-intake-datadoghq.com api-js.mixpanel.com api.amplitude.com api2.amplitude.com platformapi.metadata.io/insight directory.cookieyes.com/geoip/checker/result.php geoip.cookieyes.com/geoip/checker/result.php active.cookieyes.com/api/15c129b68a4e12b799f6926d/log cdn-cookieyes.com/client_data/15c129b68a4e12b799f6926d/ consentlog.cookieyes.com/api/v1/log log.cookieyes.com/api/v1/log *.zdassets.com widget-mediator.zopim.com wss://widget-mediator.zopim.com productboard.zendesk.com api.iterative.ly *.leadmanagerfx.com *.6sc.co *.adnxs.com events.rm-api.com app.satismeter.com cdn.cookielaw.org *.onetrust.com *.onetrust.io *.linkedin.com api.churnkey.co api.privacy-center.org; font-src 'self' cdn.productboard.com data: use.typekit.net fonts.typekit.net *.intercomcdn.com *.wistia.com heapanalytics.com maxcdn.bootstrapcdn.com cdnjs.cloudflare.com; frame-src *.stripe.com *.wistia.com *.wistia.net *.doubleclick.net *.productboard.com *.marketo.com optimize.google.com *.hotjar.com *.figma.com *.loom.com miro.com *.mural.co *.youtube.com *.google.com; img-src * data:; media-src 'self' data: blob: *.intercomcdn.com embedwistia-a.akamaihd.net *.wistia.com cdn.productboard.com nucleus.productboard.net *.zdassets.com; object-src 'none'; script-src 'strict-dynamic' 'self' cdn.productboard.com cdn.productboard.info blob: *.stripe.com use.typekit.net *.jquery.com unpkg.com/[email protected]/dist/es6-promise.min.js unpkg.com/[email protected]/fetch.js ana-api.productboard.com ana-cdn.productboard.com *.segment.com *.intercom.io *.intercomcdn.com cdn.sprig.com google-analytics.com www.google-analytics.com www.googletagmanager.com www.googleadservices.com www.google.com optimize.google.com *.doubleclick.net cdn.heapanalytics.com heapanalytics.com cdn.mxpnl.com connect.facebook.net *.fullstory.com fullstory.com *.wistia.com *.wistia.net src.litix.io/core/2/mux.js *.hotjar.com *.ads-twitter.com *.licdn.com *.linkedin.com cdn.linkedin.oribi.io *.twitter.com d3pkntwtp2ukl5.cloudfront.net/uba.js t.unbounce.com pi.pardot.com *.clearbit.com clearbitjs.com *.marketo.net *.marketo.com *.productboard.com *.productboard.info ajax.cloudflare.com/cdn-cgi/scripts/7089c43e/cloudflare-static/rocket-loader.min.js platformapi.metadata.io/insight *.zdassets.com *.6sc.co sdk.privacy-center.org 'sha256-1xtiB6mV1iIKZ5iz9CxA5lEnfEg8d0XEH3FL9L8NBqo=' 'sha256-JGNwU22sBNi7NDHL+wqlwIkC2JuuTqj3HSN50ociTRE=' 'sha256-aOTKS02cS1DYFDvnu05wssg6XS9PRp/dixdxdVh7ioI=' 'sha256-b9Ie95nOvwhEe9Hi9+dwQCZpCP7ZywQsClRCch8DMSw=' 'sha256-Jb0wOdCesDXxdafb67AmmRPkiiHRSjffdBYCqWytm/k=' 'sha256-wQru5sxHShlWpxT/nwecizNBThR4K8PhqVyc2mlJm7M=' 'sha256-1PNzWOuCr8g+upenwNprAOn3WZVu0HWomIWLsWX+rLg=' 'sha256-ZOa8X2G5qWRs9CiZ5FwQHOad+GnOtYuzGbe3Dt+OL/Q=' 'sha256-i9zis99gljeSD8jnXB7X1lGn51dh7FicTdU03wURvbE=' 'sha256-AAIyCeNkVoMxZQ/5yfTz/BG5v3Ib8KAmuVoTp+Q7psw=' 'sha256-a5kmznv6Sbv8b6fgtyyendMenyUkmGCFnqtvBufglCU=' 'sha256-7zBOkhS2vzHAGaz4pZ7r/FtCmEQ5bNIdVD/yOUnpgnM=' 'sha256-yhgBXYVXKRAhO8Vrs6nLnyx65xWIhNfJvDZuVpNDJbc=' 'sha256-wtAC4tcF3bmes4SrLnCIrvVVUhmyOlnIJAiZGqRWpbg=' 'sha256-9BQpJeeygWRbL7KAwJe4fSWvTuoLqh44ZNMdnD4PHro=' 'sha256-Tai0i/czjnslnZ2EDknVR5V9so039TbnC8mOBg+MmAU=' 'sha256-vK0+VSmPSv66WlmxQYMr/nW0KaajgkHdOnI8gB6soPA=' 'sha256-ajy9PYUtpzQkoj8ZgAmYVLwn8Qo71bhmx/YND44uy2w=' 'sha256-oagjFrRKVmNSOzTEo+ojTMeuFF7QrrKYHe3aVKBtFCo=' 'nonce-k3hfC0FqHQAayxCTPRNop9M9dTG4+DMIw1h1oCiWozo='; style-src 'self' 'unsafe-inline' cdnjs.cloudflare.com use.typekit.net p.typekit.net cdn.productboard.com cdn.productboard.info heapanalytics.com maxcdn.bootstrapcdn.com *.marketo.com info.productboard.com optimize.google.com assets.churnkey.co; worker-src 'self' blob:; report-uri /csp_report

default-src Keyword —

'self'

base-uri Host

Google Optimize

optimize.google.com

ASN | Google

child-src Host

Stripe

*.stripe.com

ASN | Amazon

child-src Host

Wistia

*.wistia.com

ASN | Fastly

child-src Host

Wistia

*.wistia.net

child-src Host

Google DoubleClick

*.doubleclick.net

ASN | Google

child-src Host —

*.productboard.com

ASN | Amazon

child-src Host

Adobe Marketo

*.marketo.com

ASN | Cloudflare

child-src Host

Google Optimize

optimize.google.com

ASN | Google

child-src Host

Hotjar

*.hotjar.com

ASN | Amazon

child-src Host

Figma

*.figma.com

ASN | Amazon

child-src Host

Loom

*.loom.com

ASN | Amazon

child-src Host

Miro

miro.com

ASN | Amazon

child-src Host —

*.mural.co

ASN | Cloudflare

child-src Host

YouTube

*.youtube.com

ASN | Google

child-src Host

Google Search

*.google.com

ASN | Google

connect-src Keyword —

'self'

connect-src Host —

cdn.productboard.com

ASN | Amazon

connect-src Host —

nucleus.productboard.net

ASN | Cloudflare

connect-src Host —

*.productboard.info

ASN | Amazon

connect-src Host

Pusher

*.pusher.com

ASN | Amazon

connect-src Host

Pusher

wss://*.pusher.com

ASN | Amazon

connect-src Host

Pusher

wss://ws.pusherapp.com:443

ASN | Amazon

connect-src Host

Pusher

wss://ws.pusherapp.com

ASN | Amazon

connect-src Host —

ana-api.productboard.com

ASN | Cloudflare

connect-src Host

Segment

*.segment.io

ASN | Amazon

connect-src Host

Segment

*.segment.com

ASN | Amazon

connect-src Host

Intercom

nexus-websocket-a.intercom.io

ASN | Amazon

connect-src Host

Intercom

nexus-websocket-b.intercom.io

ASN | Amazon

connect-src Host

Intercom

wss://nexus-websocket-a.intercom.io

ASN | Amazon

connect-src Host

Intercom

wss://nexus-websocket-b.intercom.io

ASN | Amazon

connect-src Host

Intercom

nexus-long-poller-a.intercom.io

connect-src Host

Intercom

nexus-long-poller-b.intercom.io

connect-src Host

Intercom

api-iam.intercom.io

ASN | Amazon

connect-src Host

Intercom

*.intercomcdn.com

ASN | Amazon

connect-src Host

Sprig

api.sprig.com

ASN | Amazon

connect-src Host

Adobe Fonts (Typekit)

*.typekit.net

connect-src Host

Mixpanel

api.mixpanel.com

ASN | Google Cloud

connect-src Host

Fullstory

*.fullstory.com

ASN | Amazon

connect-src Host

Fullstory

fullstory.com

ASN | Amazon

connect-src Host

Wistia

*.wistia.com

ASN | Fastly

connect-src Host

Facebook

*.facebook.com

ASN | Facebook

connect-src Host —

api.trello.com

ASN | Amazon

connect-src Host

Akamai

embedwistia-a.akamaihd.net

ASN | Akamai

connect-src Host

Heap

heapanalytics.com

ASN | Amazon

connect-src Host

Google AdSense

*.googlesyndication.com

ASN | Google

connect-src Host

Google Search

*.google.com

ASN | Google

connect-src Host

Google Analytics

www.google-analytics.com

ASN | Google

connect-src Host —

*.litix.io

connect-src Host

ClearBit

*.clearbit.com

ASN | Amazon

connect-src Host

Adobe Marketo

*.mktoresp.com

ASN | OMNITURE - Adobe Inc.

connect-src Host

LaunchDarkly

*.launchdarkly.com

ASN | Amazon

connect-src Host

Hotjar

*.hotjar.com

ASN | Amazon

connect-src Host

Hotjar

wss://*.hotjar.com

ASN | Amazon

connect-src Host

Sentry

*.ingest.sentry.io

connect-src Host

Datadog

*.datadoghq.com

ASN | Amazon

connect-src Host

Datadog

*.browser-intake-datadoghq.com

ASN | Amazon

connect-src Host

Mixpanel

api-js.mixpanel.com

ASN | Google Cloud

connect-src Host

Amplitude

api.amplitude.com

ASN | Amazon

connect-src Host

Amplitude

api2.amplitude.com

ASN | Amazon

connect-src Host

Metadata.io

platformapi.metadata.io/insight

ASN | Amazon

connect-src Host

CookieYes

directory.cookieyes.com/geoip/checker/result.php

ASN | Cloudflare

connect-src Host

CookieYes

geoip.cookieyes.com/geoip/checker/result.php

ASN | Cloudflare

connect-src Host

CookieYes

active.cookieyes.com/api/15c129b68a4e12b799f6926d/log

ASN | Amazon

connect-src Host

CookieYes

cdn-cookieyes.com/client_data/15c129b68a4e12b799f6926d/

ASN | Cloudflare

connect-src Host

CookieYes

consentlog.cookieyes.com/api/v1/log

ASN | Amazon

connect-src Host

CookieYes

log.cookieyes.com/api/v1/log

ASN | Cloudflare

connect-src Host —

*.zdassets.com

connect-src Host —

widget-mediator.zopim.com

ASN | Amazon

connect-src Host —

wss://widget-mediator.zopim.com

ASN | Amazon

connect-src Host

Zendesk

productboard.zendesk.com

ASN | Cloudflare

connect-src Host —

api.iterative.ly

connect-src Host —

*.leadmanagerfx.com

ASN | Google Cloud

connect-src Host

6sense

*.6sc.co

connect-src Host

AppNexus (Xandr)

*.adnxs.com

ASN | ASN-APPNEXUS - Xandr Inc.

connect-src Host —

events.rm-api.com

ASN | Amazon

connect-src Host —

app.satismeter.com

ASN | Cloudflare

connect-src Host

OneTrust

cdn.cookielaw.org

ASN | Cloudflare

connect-src Host

OneTrust

*.onetrust.com

ASN | Cloudflare

connect-src Host —

*.onetrust.io

connect-src Host

*.linkedin.com

ASN | Microsoft

connect-src Host —

api.churnkey.co

ASN | Cloudflare

connect-src Host —

api.privacy-center.org

ASN | Amazon

font-src Keyword —

'self'

font-src Host —

cdn.productboard.com

ASN | Amazon

font-src Scheme —

data:

font-src Host

Adobe Fonts (Typekit)

use.typekit.net

ASN | Akamai

font-src Host

Adobe Fonts (Typekit)

fonts.typekit.net

ASN | Akamai

font-src Host

Intercom

*.intercomcdn.com

ASN | Amazon

font-src Host

Wistia

*.wistia.com

ASN | Fastly

font-src Host

Heap

heapanalytics.com

ASN | Amazon

font-src Host

BootstrapCDN

maxcdn.bootstrapcdn.com

ASN | Cloudflare

font-src Host

Cloudflare CDNJS

cdnjs.cloudflare.com

ASN | Cloudflare

frame-src Host

Stripe

*.stripe.com

ASN | Amazon

frame-src Host

Wistia

*.wistia.com

ASN | Fastly

frame-src Host

Wistia

*.wistia.net

frame-src Host

Google DoubleClick

*.doubleclick.net

ASN | Google

frame-src Host —

*.productboard.com

ASN | Amazon

frame-src Host

Adobe Marketo

*.marketo.com

ASN | Cloudflare

frame-src Host

Google Optimize

optimize.google.com

ASN | Google

frame-src Host

Hotjar

*.hotjar.com

ASN | Amazon

frame-src Host

Figma

*.figma.com

ASN | Amazon

frame-src Host

Loom

*.loom.com

ASN | Amazon

frame-src Host

Miro

miro.com

ASN | Amazon

frame-src Host —

*.mural.co

ASN | Cloudflare

frame-src Host

YouTube

*.youtube.com

ASN | Google

frame-src Host

Google Search

*.google.com

ASN | Google

img-src Host —

img-src Scheme —

data:

media-src Keyword —

'self'

media-src Scheme —

data:

media-src Scheme —

blob:

media-src Host

Intercom

*.intercomcdn.com

ASN | Amazon

media-src Host

Akamai

embedwistia-a.akamaihd.net

ASN | Akamai

media-src Host

Wistia

*.wistia.com

ASN | Fastly

media-src Host —

cdn.productboard.com

ASN | Amazon

media-src Host —

nucleus.productboard.net

ASN | Cloudflare

media-src Host —

*.zdassets.com

object-src Keyword —

'none'

script-src Keyword —

'strict-dynamic'

script-src Keyword —

'self'

script-src Host —

cdn.productboard.com

ASN | Amazon

script-src Host —

cdn.productboard.info

ASN | Amazon

script-src Scheme —

blob:

script-src Host

Stripe

*.stripe.com

ASN | Amazon

script-src Host

Adobe Fonts (Typekit)

use.typekit.net

ASN | Akamai

script-src Host

jQuery

*.jquery.com

ASN | Cloudflare

script-src Host

unpkg

unpkg.com/[email protected]/dist/es6-promise.min.js

ASN | Cloudflare

script-src Host

unpkg

unpkg.com/[email protected]/fetch.js

ASN | Cloudflare

script-src Host —

ana-api.productboard.com

ASN | Cloudflare

script-src Host —

ana-cdn.productboard.com

ASN | Cloudflare

script-src Host

Segment

*.segment.com

ASN | Amazon

script-src Host

Intercom

*.intercom.io

ASN | Amazon

script-src Host

Intercom

*.intercomcdn.com

ASN | Amazon

script-src Host

Sprig

cdn.sprig.com

ASN | Amazon

script-src Host

Google Analytics

google-analytics.com

ASN | Google

script-src Host

Google Analytics

www.google-analytics.com

ASN | Google

script-src Host

Google Tag Manager

www.googletagmanager.com

ASN | Google

script-src Host

Google Conversion Tracking

www.googleadservices.com

ASN | Google

script-src Host

Google Search

www.google.com

ASN | Google

script-src Host

Google Optimize

optimize.google.com

ASN | Google

script-src Host

Google DoubleClick

*.doubleclick.net

ASN | Google

script-src Host

Heap

cdn.heapanalytics.com

ASN | Amazon

script-src Host

Heap

heapanalytics.com

ASN | Amazon

script-src Host

Mixpanel

cdn.mxpnl.com

ASN | Google Cloud

script-src Host

Facebook

connect.facebook.net

ASN | Facebook

script-src Host

Fullstory

*.fullstory.com

ASN | Amazon

script-src Host

Fullstory

fullstory.com

ASN | Amazon

script-src Host

Wistia

*.wistia.com

ASN | Fastly

script-src Host

Wistia

*.wistia.net

script-src Host —

src.litix.io/core/2/mux.js

ASN | Amazon

script-src Host

Hotjar

*.hotjar.com

ASN | Amazon

script-src Host

Twitter

*.ads-twitter.com

script-src Host

*.licdn.com

script-src Host

*.linkedin.com

ASN | Microsoft

script-src Host —

cdn.linkedin.oribi.io

script-src Host

Twitter

*.twitter.com

ASN | Cloudflare

script-src Host

AWS CloudFront

d3pkntwtp2ukl5.cloudfront.net/uba.js

ASN | Amazon

script-src Host —

t.unbounce.com

ASN | Cloudflare

script-src Host

Salesforce Pardot

pi.pardot.com

ASN | Amazon

script-src Host

ClearBit

*.clearbit.com

ASN | Amazon

script-src Host

ClearBit

clearbitjs.com

ASN | Amazon

script-src Host

Adobe Marketo

*.marketo.net

script-src Host

Adobe Marketo

*.marketo.com

ASN | Cloudflare

script-src Host —

*.productboard.com

ASN | Amazon

script-src Host —

*.productboard.info

ASN | Amazon

script-src Host

HTML Load

ajax.cloudflare.com/cdn-cgi/scripts/7089c43e/cloudflare-static/rocket-loader.min.js

ASN | Cloudflare

script-src Host

Metadata.io

platformapi.metadata.io/insight

ASN | Amazon

script-src Host —

*.zdassets.com

script-src Host

6sense

*.6sc.co

script-src Host

Didomi

sdk.privacy-center.org

ASN | Amazon

script-src Hash —

'sha256-1xtiB6mV1iIKZ5iz9CxA5lEnfEg8d0XEH3FL9L8NBqo='

script-src Hash —

'sha256-JGNwU22sBNi7NDHL+wqlwIkC2JuuTqj3HSN50ociTRE='

script-src Hash —

'sha256-aOTKS02cS1DYFDvnu05wssg6XS9PRp/dixdxdVh7ioI='

script-src Hash —

'sha256-b9Ie95nOvwhEe9Hi9+dwQCZpCP7ZywQsClRCch8DMSw='

script-src Hash —

'sha256-Jb0wOdCesDXxdafb67AmmRPkiiHRSjffdBYCqWytm/k='

script-src Hash —

'sha256-wQru5sxHShlWpxT/nwecizNBThR4K8PhqVyc2mlJm7M='

script-src Hash —

'sha256-1PNzWOuCr8g+upenwNprAOn3WZVu0HWomIWLsWX+rLg='

script-src Hash —

'sha256-ZOa8X2G5qWRs9CiZ5FwQHOad+GnOtYuzGbe3Dt+OL/Q='

script-src Hash —

'sha256-i9zis99gljeSD8jnXB7X1lGn51dh7FicTdU03wURvbE='

script-src Hash —

'sha256-AAIyCeNkVoMxZQ/5yfTz/BG5v3Ib8KAmuVoTp+Q7psw='

script-src Hash —

'sha256-a5kmznv6Sbv8b6fgtyyendMenyUkmGCFnqtvBufglCU='

script-src Hash —

'sha256-7zBOkhS2vzHAGaz4pZ7r/FtCmEQ5bNIdVD/yOUnpgnM='

script-src Hash —

'sha256-yhgBXYVXKRAhO8Vrs6nLnyx65xWIhNfJvDZuVpNDJbc='

script-src Hash —

'sha256-wtAC4tcF3bmes4SrLnCIrvVVUhmyOlnIJAiZGqRWpbg='

script-src Hash —

'sha256-9BQpJeeygWRbL7KAwJe4fSWvTuoLqh44ZNMdnD4PHro='

script-src Hash —

'sha256-Tai0i/czjnslnZ2EDknVR5V9so039TbnC8mOBg+MmAU='

script-src Hash —

'sha256-vK0+VSmPSv66WlmxQYMr/nW0KaajgkHdOnI8gB6soPA='

script-src Hash —

'sha256-ajy9PYUtpzQkoj8ZgAmYVLwn8Qo71bhmx/YND44uy2w='

script-src Hash —

'sha256-oagjFrRKVmNSOzTEo+ojTMeuFF7QrrKYHe3aVKBtFCo='

script-src Nonce —

'nonce-k3hfC0FqHQAayxCTPRNop9M9dTG4+DMIw1h1oCiWozo='

style-src Keyword —

'self'

style-src Keyword —

'unsafe-inline'

style-src Host

Cloudflare CDNJS

cdnjs.cloudflare.com

ASN | Cloudflare

style-src Host

Adobe Fonts (Typekit)

use.typekit.net

ASN | Akamai

style-src Host

Adobe Fonts (Typekit)

p.typekit.net

ASN | Akamai

style-src Host —

cdn.productboard.com

ASN | Amazon

style-src Host —

cdn.productboard.info

ASN | Amazon

style-src Host

Heap

heapanalytics.com

ASN | Amazon

style-src Host

BootstrapCDN

maxcdn.bootstrapcdn.com

ASN | Cloudflare

style-src Host

Adobe Marketo

*.marketo.com

ASN | Cloudflare

style-src Host —

info.productboard.com

ASN | Cloudflare

style-src Host

Google Optimize

optimize.google.com

ASN | Google

style-src Host —

assets.churnkey.co

ASN | Cloudflare

worker-src Keyword —

'self'

worker-src Scheme —

blob:

report-uri Host —

/csp_report

Content-Security-Policy-Report-Only

No report-only CSP headers found.