Content-Security-Policy Analysis for https://stagingweb.admincontrol.com

Open Cached · just now

14 directives

Content-Security-Policy

Content-Security-Policy: default-src 'self'; child-src *.hsforms.com; font-src 'self' https://fonts.gstatic.com data:; frame-src 'self' admincontrol.statuspage.io www.google.com/recaptcha/ *.doubleclick.net www.googletagmanager.com 7052064.fs1.hubspotusercontent-na1.net 25334189-admincontrol-staging-2024.hs-sites-eu1.com js-eu1.hubspot.com play.hubspotvideo.com forms-eu1.hsforms.com; img-src 'self' data: admincontrol.com c.bing.com c.clarity.ms bat.bing.com px.ads.linkedin.com 7052064.fs1.hubspotusercontent-na1.net 25334189-admincontrol-staging-2024.hs-sites-eu1.com static.hsappstatic.net track-eu1.hubspot.com forms-eu1.hsforms.com perf-eu1.hsforms.com 7052064.fs1.hubspotusercontent-na1.net 25334189.fs1.hubspotusercontent-eu1.net cdn.cookielaw.org; media-src 'self' admincontrol.com 7052064.fs1.hubspotusercontent-na1.net 25334189-admincontrol-staging-2024.hs-sites-eu1.com 25334189.fs1.hubspotusercontent-eu1.net; object-src 'none'; script-src 'self' 'unsafe-eval' www.googletagmanager.com 'strict-dynamic' 'nonce-L97R3b5JifdS3x9GnMcqmA=='; style-src 'self' 'unsafe-inline' fonts.googleapis.com cdn.cookielaw.org js-eu1.hubspot.com; base-uri 'self'; connect-src 'self' j.clarity.ms n.clarity.ms px.ads.linkedin.com api.puzzel.com js-eu1.hubspot.com app-eu1.hubspot.com cta-eu1.hubspot.com track-eu1.hubspot.com js-eu1.hs-banner.com js-eu1.hscollectedforms.net forms-eu1.hscollectedforms.net perf-eu1.hsforms.com forms-eu1.hsforms.com *.google-analytics.com adservice.google.com www.google.com/pagead/ cdn.cookielaw.org snowplow-test.visma.com privacyportal-eu.onetrust.com; script-src-elem 'self' 'unsafe-inline' track.adform.net s2.adform.net js-eu1.hs-banner.com js-eu1.hs-analytics.net js-eu1.hscollectedforms.net js-eu1.hubspot.com www.clarity.ms snap.licdn.com bat.bing.com euwa.puzzel.com *.googletagmanager.com *.doubleclick.net storage.googleapis.com/snowplow-cto-office-tracker-bucket/ cdn.cookielaw.org www.google.com/recaptcha/ www.gstatic.com admincontrol.statuspage.io; style-src-elem 'self' 'unsafe-inline' cdn.cookielaw.org; upgrade-insecure-requests

default-src Keyword —

'self'

child-src Host

HubSpot Forms

*.hsforms.com

font-src Keyword —

'self'

font-src Host

Google Fonts

https://fonts.gstatic.com

font-src Scheme —

data:

frame-src Keyword —

'self'

frame-src Host

Statuspage

admincontrol.statuspage.io

frame-src Host

Google reCAPTCHA

www.google.com/recaptcha/

frame-src Host

Google DoubleClick

*.doubleclick.net

frame-src Host

Google Tag Manager

www.googletagmanager.com

frame-src Host

HubSpot

7052064.fs1.hubspotusercontent-na1.net

ASN | Cloudflare

frame-src Host

HubSpot CMS

25334189-admincontrol-staging-2024.hs-sites-eu1.com

ASN | Cloudflare

frame-src Host

HubSpot

js-eu1.hubspot.com

ASN | Cloudflare

frame-src Host

HubSpot Video

play.hubspotvideo.com

ASN | Cloudflare

frame-src Host

HubSpot Forms

forms-eu1.hsforms.com

ASN | Cloudflare

img-src Keyword —

'self'

img-src Scheme —

data:

img-src Host —

admincontrol.com

ASN | Cloudflare

img-src Host

Bing

c.bing.com

ASN | Microsoft

img-src Host

Microsoft Clarity

c.clarity.ms

ASN | Microsoft

img-src Host

Microsoft Advertising

bat.bing.com

ASN | Microsoft

img-src Host

LinkedIn

px.ads.linkedin.com

ASN | Microsoft

img-src Host

HubSpot

7052064.fs1.hubspotusercontent-na1.net

ASN | Cloudflare

img-src Host

HubSpot CMS

25334189-admincontrol-staging-2024.hs-sites-eu1.com

ASN | Cloudflare

img-src Host

HubSpot

static.hsappstatic.net

ASN | Cloudflare

img-src Host

HubSpot

track-eu1.hubspot.com

ASN | Cloudflare

img-src Host

HubSpot Forms

forms-eu1.hsforms.com

ASN | Cloudflare

img-src Host

HubSpot Forms

perf-eu1.hsforms.com

ASN | Cloudflare

img-src Host

HubSpot

7052064.fs1.hubspotusercontent-na1.net

ASN | Cloudflare

img-src Host —

25334189.fs1.hubspotusercontent-eu1.net

ASN | Cloudflare

img-src Host

OneTrust

cdn.cookielaw.org

ASN | Cloudflare

media-src Keyword —

'self'

media-src Host —

admincontrol.com

ASN | Cloudflare

media-src Host

HubSpot

7052064.fs1.hubspotusercontent-na1.net

ASN | Cloudflare

media-src Host

HubSpot CMS

25334189-admincontrol-staging-2024.hs-sites-eu1.com

ASN | Cloudflare

media-src Host —

25334189.fs1.hubspotusercontent-eu1.net

ASN | Cloudflare

object-src Keyword —

'none'

script-src Keyword —

'self'

script-src Keyword —

'unsafe-eval'

script-src Host

Google Tag Manager

www.googletagmanager.com

script-src Keyword —

'strict-dynamic'

script-src Nonce —

'nonce-L97R3b5JifdS3x9GnMcqmA=='

style-src Keyword —

'self'

style-src Keyword —

'unsafe-inline'

style-src Host

Google Fonts

fonts.googleapis.com

style-src Host

OneTrust

cdn.cookielaw.org

ASN | Cloudflare

style-src Host

HubSpot

js-eu1.hubspot.com

ASN | Cloudflare

base-uri Keyword —

'self'

connect-src Keyword —

'self'

connect-src Host

Microsoft Clarity

j.clarity.ms

ASN | Microsoft

connect-src Host

Microsoft Clarity

n.clarity.ms

ASN | Microsoft

connect-src Host

LinkedIn

px.ads.linkedin.com

ASN | Microsoft

connect-src Host —

api.puzzel.com

ASN | GlobalConnect-AS2116 GLOBALCONNECT AS

connect-src Host

HubSpot

js-eu1.hubspot.com

ASN | Cloudflare

connect-src Host

HubSpot

app-eu1.hubspot.com

ASN | Cloudflare

connect-src Host

HubSpot

cta-eu1.hubspot.com

ASN | Cloudflare

connect-src Host

HubSpot

track-eu1.hubspot.com

ASN | Cloudflare

connect-src Host

HubSpot

js-eu1.hs-banner.com

ASN | Cloudflare

connect-src Host

HubSpot Forms

js-eu1.hscollectedforms.net

ASN | Cloudflare

connect-src Host

HubSpot Forms

forms-eu1.hscollectedforms.net

ASN | Cloudflare

connect-src Host

HubSpot Forms

perf-eu1.hsforms.com

ASN | Cloudflare

connect-src Host

HubSpot Forms

forms-eu1.hsforms.com

ASN | Cloudflare

connect-src Host

Google Analytics

*.google-analytics.com

connect-src Host

Google Conversion Tracking

adservice.google.com

connect-src Host

Google Search

www.google.com/pagead/

connect-src Host

OneTrust

cdn.cookielaw.org

ASN | Cloudflare

connect-src Host —

snowplow-test.visma.com

ASN | Google Cloud

connect-src Host

OneTrust

privacyportal-eu.onetrust.com

ASN | Cloudflare

script-src-elem Keyword —

'self'

script-src-elem Keyword —

'unsafe-inline'

script-src-elem Host —

track.adform.net

ASN | ADFORM Adform A/S

script-src-elem Host —

s2.adform.net

ASN | ADFORM Adform A/S

script-src-elem Host

HubSpot

js-eu1.hs-banner.com

ASN | Cloudflare

script-src-elem Host

HubSpot Analytics

js-eu1.hs-analytics.net

ASN | Cloudflare

script-src-elem Host

HubSpot Forms

js-eu1.hscollectedforms.net

ASN | Cloudflare

script-src-elem Host

HubSpot

js-eu1.hubspot.com

ASN | Cloudflare

script-src-elem Host

Microsoft Clarity

www.clarity.ms

ASN | Microsoft

script-src-elem Host

LinkedIn

snap.licdn.com

script-src-elem Host

Microsoft Advertising

bat.bing.com

ASN | Microsoft

script-src-elem Host —

euwa.puzzel.com

script-src-elem Host

Google Tag Manager

*.googletagmanager.com

script-src-elem Host

Google DoubleClick

*.doubleclick.net

script-src-elem Host

Google Cloud Storage

storage.googleapis.com/snowplow-cto-office-tracker-bucket/

script-src-elem Host

OneTrust

cdn.cookielaw.org

ASN | Cloudflare

script-src-elem Host

Google reCAPTCHA

www.google.com/recaptcha/

script-src-elem Host

Google Static File Front End

www.gstatic.com

script-src-elem Host

Statuspage

admincontrol.statuspage.io

style-src-elem Keyword —

'self'

style-src-elem Keyword —

'unsafe-inline'

style-src-elem Host

OneTrust

cdn.cookielaw.org

ASN | Cloudflare

upgrade-insecure-requests Source —

(no sources)

Content-Security-Policy-Report-Only

No report-only CSP headers found.