Content-Security-Policy Analysis for https://support.tackle.io

Open Cached · just now

15 directives

Content-Security-Policy

Content-Security-Policy: default-src 'self'; connect-src 'self' tackle.auth0.com tackle-dev.auth0.com *.tackle.io tackle.io *.tkl.sh tkl.sh tackle-templates.s3.us-west-2.amazonaws.com production-document-services.s3.us-west-2.amazonaws.com staging-document-services.s3.us-west-2.amazonaws.com dev-document-services.s3.us-west-2.amazonaws.com auto-create-service-eulas.s3.amazonaws.com tackle-metering-uploads-production.s3.amazonaws.com tackle-metering-uploads-staging.s3.amazonaws.com tackle-metering-uploads-dev.s3.amazonaws.com aws-mp-standard-contracts.s3.amazonaws.com aws-mp-rcmp.s3.us-east-1.amazonaws.com login.microsoftonline.com graph.microsoft.com *.browser-intake-us3-datadoghq.com vimeo.com *.vimeo.com *.intercom.io *.intercom.com wss://*.intercom.io *.intercomcdn.com *.intercomcdn.eu *.intercomusercontent.com https://*.intercom-messenger.com wss://*.intercom-messenger.com tackle-sso-uploads.s3.amazonaws.com *.s3.amazonaws.com *.s3.us-west-2.amazonaws.com; script-src 'self' *.intercom.io js.intercomcdn.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com *.intercomcdn.com; font-src 'self' data: fonts.gstatic.com *.intercomcdn.com c.s-microsoft.com www.slant.co; img-src 'self' data: blob: *.tackle.io s3.amazonaws.com auto-create-service-eulas.s3.amazonaws.com tackle-sso-uploads.s3.amazonaws.com downstream.tackle.io.s3.amazonaws.com azuremarketplace.microsoft.com cdn.auth0.com *.wp.com i.vimeocdn.com *.googleusercontent.com s.gravatar.com avatars.githubusercontent.com *.intercomcdn.com *.intercomcdn.eu *.intercom.io *.intercomusercontent.com *.intercom-attachments-1.com *.intercom-attachments-2.com *.intercom-attachments-3.com *.intercom-attachments-4.com *.intercom-attachments-5.com *.intercom-attachments-6.com *.intercom-attachments-7.com *.intercom-attachments-8.com *.intercom-attachments-9.com *.intercom-attachments.eu *.au.intercom-attachments.com *.intercomassets.eu *.intercomassets.com logo.clearbit.com; media-src ssl.gstatic.com *.intercomcdn.com; object-src 'none'; frame-src 'self' *.tackle.io tackle-dev.auth0.com tackle.auth0.com tackle.my.salesforce.com www.loom.com *.vimeo.com intercom-sheets.com www.intercom-reporting.com fast.wistia.net; frame-ancestors 'self' *.tackle.io *.salesforce.com *.force.com; child-src 'self' *.tackle.io intercom-sheets.com *.vimeo.com www.intercom-reporting.com fast.wistia.net; worker-src blob:; form-action *.salesforce.com; base-uri 'self'; report-uri https://browser-intake-us3-datadoghq.com/api/v2/logs?dd-api-key=pub0da81c973b03fcc4e0916684766d9131&dd-evp-origin=content-security-policy&ddsource=csp-report&ddtags=service:downstream-app

default-src Keyword —

'self'

connect-src Keyword —

'self'

connect-src Host

Auth0

tackle.auth0.com

ASN | Cloudflare

connect-src Host

Auth0

tackle-dev.auth0.com

ASN | Cloudflare

connect-src Host —

*.tackle.io

ASN | Cloudflare

connect-src Host —

tackle.io

ASN | Cloudflare

connect-src Host —

*.tkl.sh

connect-src Host —

tkl.sh

connect-src Host

AWS

tackle-templates.s3.us-west-2.amazonaws.com

connect-src Host

AWS

production-document-services.s3.us-west-2.amazonaws.com

connect-src Host

AWS

staging-document-services.s3.us-west-2.amazonaws.com

connect-src Host

AWS

dev-document-services.s3.us-west-2.amazonaws.com

connect-src Host

Amazon S3

auto-create-service-eulas.s3.amazonaws.com

connect-src Host

Amazon S3

tackle-metering-uploads-production.s3.amazonaws.com

connect-src Host

Amazon S3

tackle-metering-uploads-staging.s3.amazonaws.com

connect-src Host

Amazon S3

tackle-metering-uploads-dev.s3.amazonaws.com

connect-src Host

Amazon S3

aws-mp-standard-contracts.s3.amazonaws.com

connect-src Host

AWS

aws-mp-rcmp.s3.us-east-1.amazonaws.com

connect-src Host

Microsoft Entra ID

login.microsoftonline.com

ASN | Microsoft

connect-src Host —

graph.microsoft.com

ASN | Microsoft

connect-src Host —

*.browser-intake-us3-datadoghq.com

ASN | Microsoft

connect-src Host

Vimeo

vimeo.com

ASN | Cloudflare

connect-src Host

Vimeo

*.vimeo.com

ASN | Cloudflare

connect-src Host

Intercom

*.intercom.io

connect-src Host —

*.intercom.com

connect-src Host

Intercom

wss://*.intercom.io

connect-src Host

Intercom

*.intercomcdn.com

connect-src Host

Intercom

*.intercomcdn.eu

connect-src Host

Intercom

*.intercomusercontent.com

connect-src Host

Intercom

https://*.intercom-messenger.com

connect-src Host

Intercom

wss://*.intercom-messenger.com

connect-src Host

Amazon S3

tackle-sso-uploads.s3.amazonaws.com

connect-src Host

Amazon S3

*.s3.amazonaws.com

connect-src Host

AWS

*.s3.us-west-2.amazonaws.com

script-src Keyword —

'self'

script-src Host

Intercom

*.intercom.io

script-src Host

Intercom

js.intercomcdn.com

style-src Keyword —

'self'

style-src Keyword —

'unsafe-inline'

style-src Host

Google Fonts

fonts.googleapis.com

style-src Host

Intercom

*.intercomcdn.com

font-src Keyword —

'self'

font-src Scheme —

data:

font-src Host

Google Fonts

fonts.gstatic.com

font-src Host

Intercom

*.intercomcdn.com

font-src Host —

c.s-microsoft.com

font-src Host —

www.slant.co

ASN | Cloudflare

img-src Keyword —

'self'

img-src Scheme —

data:

img-src Scheme —

blob:

img-src Host —

*.tackle.io

ASN | Cloudflare

img-src Host

Amazon S3

s3.amazonaws.com

img-src Host

Amazon S3

auto-create-service-eulas.s3.amazonaws.com

img-src Host

Amazon S3

tackle-sso-uploads.s3.amazonaws.com

img-src Host

Amazon S3

downstream.tackle.io.s3.amazonaws.com

img-src Host —

azuremarketplace.microsoft.com

ASN | Microsoft

img-src Host

Auth0

cdn.auth0.com

img-src Host

WordPress

*.wp.com

ASN | Automattic

img-src Host

Vimeo

i.vimeocdn.com

img-src Host

Google Cloud Storage

*.googleusercontent.com

img-src Host

Gravatar

s.gravatar.com

ASN | Automattic

img-src Host

GitHub

avatars.githubusercontent.com

img-src Host

Intercom

*.intercomcdn.com

img-src Host

Intercom

*.intercomcdn.eu

img-src Host

Intercom

*.intercom.io

img-src Host

Intercom

*.intercomusercontent.com

img-src Host

Intercom

*.intercom-attachments-1.com

img-src Host

Intercom

*.intercom-attachments-2.com

img-src Host

Intercom

*.intercom-attachments-3.com

img-src Host

Intercom

*.intercom-attachments-4.com

img-src Host

Intercom

*.intercom-attachments-5.com

img-src Host

Intercom

*.intercom-attachments-6.com

img-src Host

Intercom

*.intercom-attachments-7.com

img-src Host

Intercom

*.intercom-attachments-8.com

img-src Host

Intercom

*.intercom-attachments-9.com

img-src Host

Intercom

*.intercom-attachments.eu

img-src Host

Intercom

*.au.intercom-attachments.com

img-src Host

Intercom

*.intercomassets.eu

img-src Host

Intercom

*.intercomassets.com

img-src Host

ClearBit

logo.clearbit.com

media-src Host

Google Static File Front End

ssl.gstatic.com

media-src Host

Intercom

*.intercomcdn.com

object-src Keyword —

'none'

frame-src Keyword —

'self'

frame-src Host —

*.tackle.io

ASN | Cloudflare

frame-src Host

Auth0

tackle-dev.auth0.com

ASN | Cloudflare

frame-src Host

Auth0

tackle.auth0.com

ASN | Cloudflare

frame-src Host

Salesforce Cloud

tackle.my.salesforce.com

frame-src Host

Loom

www.loom.com

frame-src Host

Vimeo

*.vimeo.com

ASN | Cloudflare

frame-src Host

Intercom

intercom-sheets.com

frame-src Host

Intercom

www.intercom-reporting.com

frame-src Host

Wistia

fast.wistia.net

frame-ancestors Keyword —

'self'

frame-ancestors Host —

*.tackle.io

ASN | Cloudflare

frame-ancestors Host

Salesforce Cloud

*.salesforce.com

frame-ancestors Host

Salesforce Sites

*.force.com

child-src Keyword —

'self'

child-src Host —

*.tackle.io

ASN | Cloudflare

child-src Host

Intercom

intercom-sheets.com

child-src Host

Vimeo

*.vimeo.com

ASN | Cloudflare

child-src Host

Intercom

www.intercom-reporting.com

child-src Host

Wistia

fast.wistia.net

worker-src Scheme —

blob:

form-action Host

Salesforce Cloud

*.salesforce.com

base-uri Keyword —

'self'

report-uri Host —

https://browser-intake-us3-datadoghq.com/api/v2/logs?dd-api-key=pub0da81c973b03fcc4e0916684766d9131&dd-evp-origin=content-security-policy&ddsource=csp-report&ddtags=service:downstream-app

ASN | Microsoft

Content-Security-Policy-Report-Only

No report-only CSP headers found.