Open
Cached
·
just now
11
directives
Content-Security-Policy
Content-Security-Policy: default-src 'self'; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' https://storable.my.site.com https://cdnjs.cloudflare.com https://static.zdassets.com https://appassets.androidplatform.net https://svc.webspellchecker.net https://infird.com blob: https://www.gstatic.com *.googleapis.com https://media.twiliocdn.com https://cdn.tiny.cloud *.callpotential.com *.pendo.io *.radar.cloudflare.com https://connect.facebook.net *.datadoghq-browser-agent.com *.livechatinc.com https://status.callpotential.com https://static.cloudflareinsights.com *.google.com *.gstatic.com; style-src 'self' data: 'unsafe-inline' https://storable.my.site.com *.storage.googleapis.com https://cdnjs.cloudflare.com *.pendo.io https://www.gstatic.com https://cdn.tiny.cloud https://fonts.googleapis.com; img-src * data: https://storable.my.site.com https://*.lightning.force.com blob: cid: file:; font-src 'self' data: https://cdn.scite.ai *.s3.us-east-2.amazonaws.com blob: https://callpotential.github.io https://fonts.gstatic.com; connect-src 'self' https://storable.my.site.com https://storable.my.salesforce-scrt.com wss://voice-js.roaming.twilio.com https://call-api.callpdev.com *.pendo.io https://ekr.zdassets.com https://storablecrm.zendesk.com https://d2rol5dpdbtxxu.cloudfront.net https://primestorage.com https://www.google.com https://g5-assets-cld-res.cloudinary.com wss://sdkgw.us1.twilio.com https://www.google-analytics.com wss://tm.filter:1502 https://sparrow.cloudflare.com https://cdn.livechatinc.com https://api.datacloudstat.com https://assets.storage-mart.com https://www.gstatic.com wss://global.vss.twilio.com https://localhost:49506 https://23f952c79f0385356747f2f213c649be.otlp.bugsnag.com *.grafana.net *.bugsnag.com *.callpotential.com https://clientstream.launchdarkly.com https://production.plaid.com *.radar.cloudflare.com *.rpki.cloudflare.com *.callpsys.com https://data.pendo.io https://cdn.tiny.cloud https://api.livechatinc.com https://maps.googleapis.com wss://tsock.us1.twilio.com wss://chunderw-vpc-gll.twilio.com wss://event-bridge.twilio.com *.amazonaws.com *.googleapis.com *.twilio.com data: blob: *.browser-intake-datadoghq.com; media-src 'self' *.s3.us-east-2.amazonaws.com *.s3.us-east-1.amazonaws.com *.s3.us-west-1.amazonaws.com *.s3.us-west-2.amazonaws.com http://cp-recordings.s3.amazonaws.com data: *.s3.amazonaws.com *.callpotential.com https://callpotential-sys-cdn.s3.us-west-2.amazonaws.com https://api.twilio.com https://sys-call.callpotential.com https://callpotential-sys-recordings.s3.amazonaws.com; frame-src 'self' https://storable.my.site.com https://blocked.teams.cloudflare.com *.pendo.io https://qa.dashboard.callpotential.com https://docs.google.com https://us-west-2.quicksight.aws.amazon.com https://dashboard.callpotential.com https://secure.livechatinc.com data: blob: https://www.google.com https://14x1dcl4ggzw.statuspage.io; worker-src * blob:; frame-ancestors https://storable.my.site.com https://*.callpotential.com; report-uri https://storable.report-uri.com/r/t/csp/enforce
default-src
Keyword
—
'self'
script-src
Keyword
—
'self'
script-src
Scheme
—
data:
script-src
Keyword
—
'unsafe-inline'
script-src
Keyword
—
'unsafe-eval'
script-src
Host
—
script-src
Scheme
—
blob:
style-src
Keyword
—
'self'
style-src
Scheme
—
data:
style-src
Keyword
—
'unsafe-inline'
img-src
Host
—
*
img-src
Scheme
—
data:
img-src
Scheme
—
blob:
img-src
Scheme
—
cid:
img-src
Scheme
—
file:
font-src
Keyword
—
'self'
font-src
Scheme
—
data:
font-src
Scheme
—
blob:
connect-src
Keyword
—
'self'
connect-src
Host
—
connect-src
Host
—
connect-src
Host
—
connect-src
Scheme
—
data:
connect-src
Scheme
—
blob:
media-src
Keyword
—
'self'
media-src
Scheme
—
data:
frame-src
Keyword
—
'self'
frame-src
Scheme
—
data:
frame-src
Scheme
—
blob:
worker-src
Host
—
*
worker-src
Scheme
—
blob:
Content-Security-Policy-Report-Only
No report-only CSP headers found.