Content-Security-Policy Analysis for https://share.hsforms.com

Open Cached · just now

5 directives

Content-Security-Policy

Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' 'self' 1003891.track.convertexperiments.com app.hubspot.com cdn-3.convertexperiments.com cdn-4.convertexperiments.com *.metrics.convertexperiments.com *.signals.convertexperiments.com logs.convertexperiments.com *.convertexperiments.com cdn.pdst.fm connect.facebook.net js.hs-analytics.net js.hs-banner.com js.hsforms.net js.hsleadflows.net js.hubspotfeedback.com js.usemessages.com organizer.bizzabo.com play.vidyard.com script.hotjar.com snap.licdn.com static.hotjar.com static.hsappstatic.net www.google-analytics.com www.googletagmanager.com www.recaptcha.net code.highcharts.com www.youtube.com js.hubspot.com www.dropbox.com widget.altrulabs.com www.google.com maps.googleapis.com wt-assets.hubteam.com cdn2.hubspot.net www.redditstatic.com cdn.veritonic.com gosniply.com d.impactradius-event.com js.hubspot.com 50339659.hs-sites.com analytics.tiktok.com 'strict-dynamic' 'nonce-3exy6TyJRFKsBbmclr/rlQ=='; report-uri https://send.hsbrowserreports.com/csp/report; upgrade-insecure-requests
Content-Security-Policy-Report-Only: script-src 'self' 'unsafe-inline' 'unsafe-eval' 50339659.hs-sites.com 1003891.track.convertexperiments.com app.hubspot.com cdn-3.convertexperiments.com cdn-4.convertexperiments.com *.metrics.convertexperiments.com *.signals.convertexperiments.com logs.convertexperiments.com *.convertexperiments.com cdn.pdst.fm connect.facebook.net js.hs-analytics.net js.hs-banner.com js.hsforms.net js.hsleadflows.net js.hubspotfeedback.com js.usemessages.com play.vidyard.com script.hotjar.com snap.licdn.com static.hotjar.com static.hsappstatic.net www.google-analytics.com www.googletagmanager.com www.recaptcha.net code.highcharts.com www.youtube.com js.hubspot.com www.dropbox.com widget.altrulabs.com www.google.com maps.googleapis.com wt-assets.hubteam.com cdn2.hubspot.net www.redditstatic.com cdn.veritonic.com gosniply.com d.impactradius-event.com test.test.com js.hubspot.com analytics.tiktok.com 'strict-dynamic' 'nonce-3exy6TyJRFKsBbmclr/rlQ=='; report-uri https://send.hsbrowserreports.com/csp/report

script-src Keyword —

'unsafe-inline'

script-src Keyword —

'unsafe-eval'

script-src Keyword —

'self'

script-src Host

Convert

1003891.track.convertexperiments.com

script-src Host

HubSpot

app.hubspot.com

ASN | Cloudflare

script-src Host

Convert

cdn-3.convertexperiments.com

script-src Host

Convert

cdn-4.convertexperiments.com

script-src Host

Convert

*.metrics.convertexperiments.com

script-src Host

Convert

*.signals.convertexperiments.com

script-src Host

Convert

logs.convertexperiments.com

script-src Host

Convert

*.convertexperiments.com

script-src Host —

cdn.pdst.fm

ASN | Google Cloud

script-src Host

Facebook

connect.facebook.net

script-src Host

HubSpot Analytics

js.hs-analytics.net

ASN | Cloudflare

script-src Host

HubSpot

js.hs-banner.com

ASN | Cloudflare

script-src Host

HubSpot Forms

js.hsforms.net

ASN | Cloudflare

script-src Host

HubSpot

js.hsleadflows.net

ASN | Cloudflare

script-src Host

HubSpot Feedback & Surveys

js.hubspotfeedback.com

ASN | Cloudflare

script-src Host

HubSpot Live Chat

js.usemessages.com

ASN | Cloudflare

script-src Host

Bizzabo

organizer.bizzabo.com

script-src Host

Vidyard

play.vidyard.com

script-src Host

Hotjar

script.hotjar.com

script-src Host

LinkedIn

snap.licdn.com

script-src Host

Hotjar

static.hotjar.com

script-src Host

HubSpot

static.hsappstatic.net

ASN | Cloudflare

script-src Host

Google Analytics

www.google-analytics.com

script-src Host

Google Tag Manager

www.googletagmanager.com

script-src Host

Google reCAPTCHA

www.recaptcha.net

script-src Host Highcharts

code.highcharts.com

ASN | Cloudflare

script-src Host

YouTube

www.youtube.com

script-src Host

HubSpot

js.hubspot.com

ASN | Cloudflare

script-src Host

Dropbox

www.dropbox.com

ASN | DROPBOX - Dropbox

script-src Host —

widget.altrulabs.com

script-src Host

Google Search

www.google.com

script-src Host

Google Maps

maps.googleapis.com

script-src Host —

wt-assets.hubteam.com

script-src Host

HubSpot

cdn2.hubspot.net

ASN | Cloudflare

script-src Host

Reddit

www.redditstatic.com

script-src Host —

cdn.veritonic.com

script-src Host —

gosniply.com

ASN | Cloudflare

script-src Host —

d.impactradius-event.com

ASN | Google Cloud

script-src Host

HubSpot

js.hubspot.com

ASN | Cloudflare

script-src Host

HubSpot CMS

50339659.hs-sites.com

ASN | Cloudflare

script-src Host

TikTok Analytics

analytics.tiktok.com

script-src Keyword —

'strict-dynamic'

script-src Nonce —

'nonce-3exy6TyJRFKsBbmclr/rlQ=='

report-uri Host —

https://send.hsbrowserreports.com/csp/report

upgrade-insecure-requests Source —

(no sources)

Content-Security-Policy-Report-Only

script-src Keyword —

'self'

script-src Keyword —

'unsafe-inline'

script-src Keyword —

'unsafe-eval'

script-src Host

HubSpot CMS

50339659.hs-sites.com

ASN | Cloudflare

script-src Host

Convert

1003891.track.convertexperiments.com

script-src Host

HubSpot

app.hubspot.com

ASN | Cloudflare

script-src Host

Convert

cdn-3.convertexperiments.com

script-src Host

Convert

cdn-4.convertexperiments.com

script-src Host

Convert

*.metrics.convertexperiments.com

script-src Host

Convert

*.signals.convertexperiments.com

script-src Host

Convert

logs.convertexperiments.com

script-src Host

Convert

*.convertexperiments.com

script-src Host —

cdn.pdst.fm

ASN | Google Cloud

script-src Host

Facebook

connect.facebook.net

script-src Host

HubSpot Analytics

js.hs-analytics.net

ASN | Cloudflare

script-src Host

HubSpot

js.hs-banner.com

ASN | Cloudflare

script-src Host

HubSpot Forms

js.hsforms.net

ASN | Cloudflare

script-src Host

HubSpot

js.hsleadflows.net

ASN | Cloudflare

script-src Host

HubSpot Feedback & Surveys

js.hubspotfeedback.com

ASN | Cloudflare

script-src Host

HubSpot Live Chat

js.usemessages.com

ASN | Cloudflare

script-src Host

Vidyard

play.vidyard.com

script-src Host

Hotjar

script.hotjar.com

script-src Host

LinkedIn

snap.licdn.com

script-src Host

Hotjar

static.hotjar.com

script-src Host

HubSpot

static.hsappstatic.net

ASN | Cloudflare

script-src Host

Google Analytics

www.google-analytics.com

script-src Host

Google Tag Manager

www.googletagmanager.com

script-src Host

Google reCAPTCHA

www.recaptcha.net

script-src Host Highcharts

code.highcharts.com

ASN | Cloudflare

script-src Host

YouTube

www.youtube.com

script-src Host

HubSpot

js.hubspot.com

ASN | Cloudflare

script-src Host

Dropbox

www.dropbox.com

ASN | DROPBOX - Dropbox

script-src Host —

widget.altrulabs.com

script-src Host

Google Search

www.google.com

script-src Host

Google Maps

maps.googleapis.com

script-src Host —

wt-assets.hubteam.com

script-src Host

HubSpot

cdn2.hubspot.net

ASN | Cloudflare

script-src Host

Reddit

www.redditstatic.com

script-src Host —

cdn.veritonic.com

script-src Host —

gosniply.com

ASN | Cloudflare

script-src Host —

d.impactradius-event.com

ASN | Google Cloud

script-src Host —

test.test.com

script-src Host

HubSpot

js.hubspot.com

ASN | Cloudflare

script-src Host

TikTok Analytics

analytics.tiktok.com

script-src Keyword —

'strict-dynamic'

script-src Nonce —

'nonce-3exy6TyJRFKsBbmclr/rlQ=='

report-uri Host —

https://send.hsbrowserreports.com/csp/report