Content-Security-Policy Analysis for https://sovasystems.com

Open Cached · 1h ago

12 directives

Content-Security-Policy

Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'self'; form-action 'self'; object-src 'none'; connect-src 'self' 'unsafe-inline' https://rest.ably.io/comet wss://realtime.ably.io https://h8j1k1fk3e.execute-api.us-east-1.amazonaws.com/prod; font-src 'self' data: https://dcqn38zkfmbl3.cloudfront.net https://fonts.gstatic.com; frame-src https://consentcdn.cookiebot.com https://www.youtube.com https://youtube.com; img-src 'self' data: https://ajax.googleapis.com https://storage.googleapis.com https://dcqn38zkfmbl3.cloudfront.net https://dddqjukkk2hop.cloudfront.net https://khms0.googleapis.com https://khms1.googleapis.com https://maps.google.com https://maps.gstatic.com https://shippo-static.s3.amazonaws.com; media-src https://giant.gfycat.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/libs/jquery/3.5.1/jquery.min.js https://ajax.googleapis.com/ajax/libs/jqueryui/1.12.1/jquery-ui.min.js https://cdn.ably.io/lib/ably.min-1.2.4.js https://cdn.datatables.net/1.10.13/js/jquery.dataTables.min.js https://cdnjs.cloudflare.com/ajax/libs/toastr.js/latest https://consent.cookiebot.com https://consentcdn.cookiebot.com https://d79i1fxsrar4t.cloudfront.net/sdk/1.4.2/smartystreets-sdk-1.4.2.min.js https://dcqn38zkfmbl3.cloudfront.net/* https://www.echofox.io/widget.js https://echofox.io/widget.js https://echofox.io/widget/frame-modern.production.js ttps://echofox.io/widget/vendor-modern.production.js https://echofox.io/widget/vendor-modern.production.js https://fonts.googleapis.com/ ajax.cloudflare.com static.cloudflareinsights.com; style-src 'self' https://echofox.io/widget/frame-modern.production.css https://www.echofox.io/widget/frame-modern.production.css https://fonts.googleapis.com 'unsafe-inline'

default-src Keyword —

'none'

frame-ancestors Keyword —

'none'

base-uri Keyword —

'self'

form-action Keyword —

'self'

object-src Keyword —

'none'

connect-src Keyword —

'self'

connect-src Keyword —

'unsafe-inline'

connect-src Host

Ably

https://rest.ably.io/comet

connect-src Host

Ably

wss://realtime.ably.io

connect-src Host

AWS API Gateway

https://h8j1k1fk3e.execute-api.us-east-1.amazonaws.com/prod

font-src Keyword —

'self'

font-src Scheme —

data:

font-src Host

AWS CloudFront

https://dcqn38zkfmbl3.cloudfront.net

font-src Host

Google Fonts

https://fonts.gstatic.com

frame-src Host

Cookiebot

https://consentcdn.cookiebot.com

frame-src Host

YouTube

https://www.youtube.com

frame-src Host

YouTube

https://youtube.com

img-src Keyword —

'self'

img-src Scheme —

data:

img-src Host

Google Hosted Libraries

https://ajax.googleapis.com

img-src Host

Google Cloud Storage

https://storage.googleapis.com

img-src Host

AWS CloudFront

https://dcqn38zkfmbl3.cloudfront.net

img-src Host

AWS CloudFront

https://dddqjukkk2hop.cloudfront.net

img-src Host

Google API JS Client

https://khms0.googleapis.com

img-src Host

Google API JS Client

https://khms1.googleapis.com

img-src Host

Google Maps

https://maps.google.com

img-src Host

Google Maps

https://maps.gstatic.com

img-src Host

Amazon S3

https://shippo-static.s3.amazonaws.com

media-src Host —

https://giant.gfycat.com

script-src Keyword —

'self'

script-src Keyword —

'unsafe-eval'

script-src Keyword —

'unsafe-inline'

script-src Host

Google Hosted Libraries

https://ajax.googleapis.com/ajax/libs/jquery/3.5.1/jquery.min.js

script-src Host

Google Hosted Libraries

https://ajax.googleapis.com/ajax/libs/jqueryui/1.12.1/jquery-ui.min.js

script-src Host

Ably

https://cdn.ably.io/lib/ably.min-1.2.4.js

script-src Host

DataTables

https://cdn.datatables.net/1.10.13/js/jquery.dataTables.min.js

ASN | Cloudflare

script-src Host

Cloudflare CDNJS

https://cdnjs.cloudflare.com/ajax/libs/toastr.js/latest

ASN | Cloudflare

script-src Host

Cookiebot

https://consent.cookiebot.com

script-src Host

Cookiebot

https://consentcdn.cookiebot.com

script-src Host

AWS CloudFront

https://d79i1fxsrar4t.cloudfront.net/sdk/1.4.2/smartystreets-sdk-1.4.2.min.js

script-src Host

AWS CloudFront

https://dcqn38zkfmbl3.cloudfront.net/*

script-src Host —

https://www.echofox.io/widget.js

script-src Host —

https://echofox.io/widget.js

script-src Host —

https://echofox.io/widget/frame-modern.production.js

script-src Host —

ttps://echofox.io/widget/vendor-modern.production.js

script-src Host —

https://echofox.io/widget/vendor-modern.production.js

script-src Host

Google Fonts

https://fonts.googleapis.com/

script-src Host

Cloudflare CDNJS

ajax.cloudflare.com

ASN | Cloudflare

script-src Host

Cloudflare Web Analytics

static.cloudflareinsights.com

ASN | Cloudflare

style-src Keyword —

'self'

style-src Host —

https://echofox.io/widget/frame-modern.production.css

style-src Host —

https://www.echofox.io/widget/frame-modern.production.css

style-src Host

Google Fonts

https://fonts.googleapis.com

style-src Keyword —

'unsafe-inline'

Content-Security-Policy-Report-Only

No report-only CSP headers found.