Content-Security-Policy Analysis for https://securityscorecard.io

Open Cached · just now

15 directives

Content-Security-Policy

Content-Security-Policy: block-all-mixed-content; frame-ancestors 'self' *.securityscorecard.com *.securityscorecard.camp *.cookiebot.com https://job-boards.greenhouse.io; default-src 'self'; object-src 'none'; img-src 'self' *.crazyegg.com blob: data: https:; media-src 'self' mediastream: *.qualified.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.heapanalytics.com *.crazyegg.com *.cookiebot.com *.datadoghq-browser-agent.com https://job-boards.greenhouse.io blob: data: https:; style-src 'self' 'unsafe-inline' *.qualified.com https:; font-src 'self' *.securityscorecard.com *.securityscorecard.camp *.auryc.com data: https:; frame-src 'self' *.qualified.com www.googletagmanager.com https: https://job-boards.greenhouse.io; connect-src 'self' *.securityscorecard.com *.securityscorecard.camp *.crazyegg.com *.cookiebot.com *.qualified.com wss://*.qualified.com *.auryc.com *.browser-intake-datadoghq.com https: https://job-boards.greenhouse.io; base-uri 'self'; form-action 'self' https:; worker-src blob:; child-src *.qualified.com https://job-boards.greenhouse.io;

block-all-mixed-content Source —

(no sources)

frame-ancestors Keyword —

'self'

frame-ancestors Host —

*.securityscorecard.com

ASN | Cloudflare

frame-ancestors Host —

*.securityscorecard.camp

frame-ancestors Host

Cookiebot

*.cookiebot.com

ASN | Cloudflare

frame-ancestors Host

Greenhouse

https://job-boards.greenhouse.io

default-src Keyword —

'self'

object-src Keyword —

'none'

img-src Keyword —

'self'

img-src Host

Crazy Egg

*.crazyegg.com

img-src Scheme —

blob:

img-src Scheme —

data:

img-src Scheme —

https:

media-src Keyword —

'self'

media-src Scheme —

mediastream:

media-src Host

Qualified

*.qualified.com

ASN | Cloudflare

script-src Keyword —

'self'

script-src Keyword —

'unsafe-inline'

script-src Keyword —

'unsafe-eval'

script-src Host

Heap

*.heapanalytics.com

script-src Host

Crazy Egg

*.crazyegg.com

script-src Host

Cookiebot

*.cookiebot.com

ASN | Cloudflare

script-src Host

Datadog

*.datadoghq-browser-agent.com

script-src Host

Greenhouse

https://job-boards.greenhouse.io

script-src Scheme —

blob:

script-src Scheme —

data:

script-src Scheme —

https:

style-src Keyword —

'self'

style-src Keyword —

'unsafe-inline'

style-src Host

Qualified

*.qualified.com

ASN | Cloudflare

style-src Scheme —

https:

font-src Keyword —

'self'

font-src Host —

*.securityscorecard.com

ASN | Cloudflare

font-src Host —

*.securityscorecard.camp

font-src Host —

*.auryc.com

ASN | Cloudflare

font-src Scheme —

data:

font-src Scheme —

https:

frame-src Keyword —

'self'

frame-src Host

Qualified

*.qualified.com

ASN | Cloudflare

frame-src Host

Google Tag Manager

www.googletagmanager.com

frame-src Scheme —

https:

frame-src Host

Greenhouse

https://job-boards.greenhouse.io

connect-src Keyword —

'self'

connect-src Host —

*.securityscorecard.com

ASN | Cloudflare

connect-src Host —

*.securityscorecard.camp

connect-src Host

Crazy Egg

*.crazyegg.com

connect-src Host

Cookiebot

*.cookiebot.com

ASN | Cloudflare

connect-src Host

Qualified

*.qualified.com

ASN | Cloudflare

connect-src Host

Qualified

wss://*.qualified.com

ASN | Cloudflare

connect-src Host —

*.auryc.com

ASN | Cloudflare

connect-src Host

Datadog

*.browser-intake-datadoghq.com

connect-src Scheme —

https:

connect-src Host

Greenhouse

https://job-boards.greenhouse.io

base-uri Keyword —

'self'

form-action Keyword —

'self'

form-action Scheme —

https:

worker-src Scheme —

blob:

child-src Host

Qualified

*.qualified.com

ASN | Cloudflare

child-src Host

Greenhouse

https://job-boards.greenhouse.io

Content-Security-Policy-Report-Only

No report-only CSP headers found.