Content-Security-Policy Analysis for https://swgeneral.ext.notable.engineering

Open Cached · just now

15 directives

Content-Security-Policy

Content-Security-Policy: default-src * data: blob: 'self';worker-src * data: blob: 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;object-src 'self' blob:;script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests;style-src-elem 'self' https: blob:  'unsafe-inline';img-src 'self' * data: blob: *.sentry.io sentry.io *.stripe.com stripe.com *.gstatic.com gstatic.com *.googleapis.com googleapis.com *.tinymce.com *.tiny.cloud *.launchdarkly.com *.posthog.com https://cdn.prod.notable.engineering https://checkin.pcmahealth.org;script-src 'self' 'unsafe-eval' *.sentry.io sentry.io *.stripe.com stripe.com *.gstatic.com gstatic.com *.googleapis.com googleapis.com *.tinymce.com *.tiny.cloud *.launchdarkly.com *.posthog.com https://cdn.prod.notable.engineering https://checkin.pcmahealth.org;connect-src 'self' https://app.notablehealth.com *.sentry.io sentry.io *.stripe.com stripe.com *.gstatic.com gstatic.com *.googleapis.com googleapis.com *.tinymce.com *.tiny.cloud *.launchdarkly.com *.posthog.com https://cdn.prod.notable.engineering https://checkin.pcmahealth.org;frame-ancestors 'self' https://vendorservices.epic.com chrome-extension://nikbjinanfbmjmoaegdhhbeihgeeddcj chrome-extension://hdgoooiiinahjoahcfaeihjogkplhfea;form-action 'self'

default-src Host —

*

default-src Scheme —

data:

default-src Scheme —

blob:

default-src Keyword —

'self'

worker-src Host —

*

worker-src Scheme —

data:

worker-src Scheme —

blob:

worker-src Keyword —

'self'

base-uri Keyword —

'self'

block-all-mixed-content Source —

(no sources)

font-src Keyword —

'self'

font-src Scheme —

https:

font-src Scheme —

data:

object-src Keyword —

'self'

object-src Scheme —

blob:

script-src-attr Keyword —

'none'

style-src Keyword —

'self'

style-src Scheme —

https:

style-src Keyword —

'unsafe-inline'

upgrade-insecure-requests Source —

(no sources)

style-src-elem Keyword —

'self'

style-src-elem Scheme —

https:

style-src-elem Scheme —

blob:

style-src-elem Keyword —

'unsafe-inline'

img-src Keyword —

'self'

img-src Host —

*

img-src Scheme —

data:

img-src Scheme —

blob:

img-src Host

Sentry

*.sentry.io

ASN | Google Cloud

img-src Host

Sentry

sentry.io

ASN | Google Cloud

img-src Host

Stripe

*.stripe.com

img-src Host

Stripe

stripe.com

img-src Host

Google Static File Front End

*.gstatic.com

img-src Host

Google Static File Front End

gstatic.com

img-src Host

Google API JS Client

*.googleapis.com

img-src Host

Google API JS Client

googleapis.com

img-src Host —

*.tinymce.com

img-src Host —

*.tiny.cloud

img-src Host

LaunchDarkly

*.launchdarkly.com

img-src Host

PostHog

*.posthog.com

img-src Host —

https://cdn.prod.notable.engineering

ASN | Google Cloud

img-src Host —

https://checkin.pcmahealth.org

ASN | Google Cloud

script-src Keyword —

'self'

script-src Keyword —

'unsafe-eval'

script-src Host

Sentry

*.sentry.io

ASN | Google Cloud

script-src Host

Sentry

sentry.io

ASN | Google Cloud

script-src Host

Stripe

*.stripe.com

script-src Host

Stripe

stripe.com

script-src Host

Google Static File Front End

*.gstatic.com

script-src Host

Google Static File Front End

gstatic.com

script-src Host

Google API JS Client

*.googleapis.com

script-src Host

Google API JS Client

googleapis.com

script-src Host —

*.tinymce.com

script-src Host —

*.tiny.cloud

script-src Host

LaunchDarkly

*.launchdarkly.com

script-src Host

PostHog

*.posthog.com

script-src Host —

https://cdn.prod.notable.engineering

ASN | Google Cloud

script-src Host —

https://checkin.pcmahealth.org

ASN | Google Cloud

connect-src Keyword —

'self'

connect-src Host —

https://app.notablehealth.com

ASN | Google Cloud

connect-src Host

Sentry

*.sentry.io

ASN | Google Cloud

connect-src Host

Sentry

sentry.io

ASN | Google Cloud

connect-src Host

Stripe

*.stripe.com

connect-src Host

Stripe

stripe.com

connect-src Host

Google Static File Front End

*.gstatic.com

connect-src Host

Google Static File Front End

gstatic.com

connect-src Host

Google API JS Client

*.googleapis.com

connect-src Host

Google API JS Client

googleapis.com

connect-src Host —

*.tinymce.com

connect-src Host —

*.tiny.cloud

connect-src Host

LaunchDarkly

*.launchdarkly.com

connect-src Host

PostHog

*.posthog.com

connect-src Host —

https://cdn.prod.notable.engineering

ASN | Google Cloud

connect-src Host —

https://checkin.pcmahealth.org

ASN | Google Cloud

frame-ancestors Keyword —

'self'

frame-ancestors Host —

https://vendorservices.epic.com

ASN | EPICSYS - Epic Systems Corporation

frame-ancestors Host —

chrome-extension://nikbjinanfbmjmoaegdhhbeihgeeddcj

frame-ancestors Host —

chrome-extension://hdgoooiiinahjoahcfaeihjogkplhfea

form-action Keyword —

'self'

Content-Security-Policy-Report-Only

No report-only CSP headers found.