Content-Security-Policy Analysis for https://secure.canopy.cloud

Open Cached · 1h ago

11 directives

Content-Security-Policy

Content-Security-Policy: default-src 'none'; script-src 'self' blob: 'unsafe-eval'  'sha256-ihOn+aWCyyt5QEpBNnjavx2F/jKxCqnuShaczLMBnqU=' 'sha256-EW2JiugJj9Ab8NaqyGbI4ZBga+mPRj5OMjBxSgc1KEM=' 'sha256-BnZOcGe9jN3xu+bnWdePyGqXRSUMJFNo9fovaOL/9Pk=' 'sha256-HZj3IMHRi9Bkyxfw6Q6yDiu0HlCOZkxKLSXmPRqPWmA=' 'sha256-S47faVnvnKDp7J/6wpZBXTkWUbzPVAgp1Bn5LSskHXI=' 'sha256-6wWSixrIcsgc4mTcBSPdjr06MNpuNKuxXcI+Vb1xuDI=' 'sha256-tt43UAkhJGOzxRD0pvgfBLQRGcomh1QL+RJXD6zfp3M=' 'sha256-5cjEIRK3GtaO8cLEYTP47pNRJi+MzZVHkb+hafUi6hM=' 'sha256-hifMGRlP2rQ0ViH2LD4Vgd65Hcy72y2Mj1UJ3Af6hbc='  https://api.airbrake.io  https://*.appcues.com https://*.appcues.net https://app.intercom.io https://widget.intercom.io https://js.intercomcdn.com https://www.google-analytics.com https://ssl.google-analytics.com https://www.googletagmanager.com https://cdn.segment.com https://api.segment.io; frame-src 'self' https://*.canopy.cloud https://*.kurtosys.org https://*.appcues.com https://share.intercom.io https://intercom-sheets.com https://www.intercom-reporting.com https://www.youtube.com https://player.vimeo.com https://fast.wistia.net; child-src 'self' https://*.canopy.cloud https://*.kurtosys.org https://*.appcues.com https://share.intercom.io https://intercom-sheets.com https://www.intercom-reporting.com https://www.youtube.com https://player.vimeo.com https://fast.wistia.net; font-src 'self' data: https://js.intercomcdn.com; connect-src 'self' https://api.airbrake.io  https://*.appcues.com ws://*.appcues.com https://*.appcues.net wss://*.appcues.net https://*.canopy.cloud https://*.kurtosys.org wss://*.kurtosys.org wss://*.canopy.cloud https://api.intercom.io https://api-iam.intercom.io https://api-ping.intercom.io  https://nexus-websocket-a.intercom.io https://nexus-websocket-b.intercom.io https://nexus-long-poller-a.intercom.io https://nexus-long-poller-b.intercom.io wss://nexus-websocket-a.intercom.io wss://nexus-websocket-b.intercom.io https://uploads.intercomcdn.com https://uploads.intercomusercontent.com https://www.google-analytics.com https://cdn.segment.com https://api.segment.io; img-src 'self' res.cloudinary.com twemoji.maxcdn.com blob: data: https://js.intercomcdn.com https://static.intercomassets.com https://downloads.intercomcdn.com https://uploads.intercomusercontent.com https://gifs.intercomcdn.com  https://video-messages.intercomcdn.com https://messenger-apps.intercom.io https://*.intercom-attachments-5.com https://*.intercom-attachments-6.com https://*.intercom-attachments-9.com https://www.google-analytics.com; style-src 'self' 'unsafe-inline' https://*.appcues.com https://*.appcues.net https://fonts.googleapis.com; media-src 'self' https://js.intercomcdn.com; form-action 'self' https://intercom.help https://api-iam.intercom.io;; frame-ancestors https://secure.canopy.cloud

default-src Keyword —

'none'

script-src Keyword —

'self'

script-src Scheme —

blob:

script-src Keyword —

'unsafe-eval'

script-src Hash —

'sha256-ihOn+aWCyyt5QEpBNnjavx2F/jKxCqnuShaczLMBnqU='

script-src Hash —

'sha256-EW2JiugJj9Ab8NaqyGbI4ZBga+mPRj5OMjBxSgc1KEM='