Content-Security-Policy Analysis for https://staging.htmlpub.com

Open Cached · just now

7 directives

Content-Security-Policy

Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://static.cloudflareinsights.com https://cdn.goentri.com https://cdn.useparagon.com https://www.googletagmanager.com https://*.googletagmanager.com https://cdn.mxpnl.com https://cdn.paddle.com; style-src 'self' 'unsafe-inline' https:; font-src 'self' data: https:; img-src 'self' data: blob: https://gravatar.com https://cdn.useparagon.com https://www.googletagmanager.com https://*.google-analytics.com https://*.googletagmanager.com https://api.producthunt.com; frame-src * blob:; connect-src 'self' https://api.stripe.com https://*.useparagon.com https://pages.htmlpub.com https://api.goentri.com https://www.googletagmanager.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://api-js.mixpanel.com https://cdn.mxpnl.com https://*.paddle.com

default-src Keyword —

'self'

script-src Keyword —

'self'

script-src Keyword —

'unsafe-inline'

script-src Keyword —

'unsafe-eval'

script-src Host

Cloudflare Web Analytics

https://static.cloudflareinsights.com

ASN | Cloudflare

script-src Host

Entri

https://cdn.goentri.com

ASN | Cloudflare

script-src Host —

https://cdn.useparagon.com

ASN | Cloudflare

script-src Host

Google Tag Manager

https://www.googletagmanager.com

script-src Host

Google Tag Manager

https://*.googletagmanager.com

script-src Host

Mixpanel

https://cdn.mxpnl.com

ASN | Google Cloud

script-src Host

Paddle

https://cdn.paddle.com

ASN | Cloudflare

style-src Keyword —

'self'

style-src Keyword —

'unsafe-inline'

style-src Scheme —

https:

font-src Keyword —

'self'

font-src Scheme —

data:

font-src Scheme —

https:

img-src Keyword —

'self'

img-src Scheme —

data:

img-src Scheme —

blob:

img-src Host

Gravatar

https://gravatar.com

ASN | Automattic

img-src Host —

https://cdn.useparagon.com

ASN | Cloudflare

img-src Host

Google Tag Manager

https://www.googletagmanager.com

img-src Host

Google Analytics

https://*.google-analytics.com

img-src Host

Google Tag Manager

https://*.googletagmanager.com

img-src Host

Product Hunt

https://api.producthunt.com

ASN | Cloudflare

frame-src Host —

*

frame-src Scheme —

blob:

connect-src Keyword —

'self'

connect-src Host

Stripe

https://api.stripe.com

connect-src Host —

https://*.useparagon.com

connect-src Host —

https://pages.htmlpub.com

ASN | Cloudflare

connect-src Host

Entri

https://api.goentri.com

connect-src Host

Google Tag Manager

https://www.googletagmanager.com

connect-src Host

Google Analytics

https://*.google-analytics.com

connect-src Host

Google Analytics

https://*.analytics.google.com

connect-src Host

Google Tag Manager

https://*.googletagmanager.com

connect-src Host

Mixpanel

https://api-js.mixpanel.com

ASN | Google Cloud

connect-src Host

Mixpanel

https://cdn.mxpnl.com

ASN | Google Cloud

connect-src Host

Paddle

https://*.paddle.com

Content-Security-Policy-Report-Only

No report-only CSP headers found.