Content-Security-Policy Analysis for https://tax.sovos.com

Open Cached · just now

13 directives

Content-Security-Policy

Content-Security-Policy: upgrade-insecure-requests; base-uri 'none'; default-src 'self' https://*.crazyegg.com; connect-src 'self' https: ws: https://*.crazyegg.com; img-src 'self' https: data: blob: https://*.sovos.com https://cdn.bfldr.com https://*.crazyegg.com; media-src 'self' data: blob: https://*.sovos.com; object-src 'self' https://*.sovos.com https://cdn.bfldr.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'self' 'unsafe-inline' https:; font-src 'self' data: https:; worker-src 'self' blob:; frame-src 'self' https://*.sovos.com https://*.youtube.com https://*.marketo.com https://fast.wistia.com https://fast.wistia.net https://js.driftt.com https://www.google.com https://www.googletagmanager.com https://documentcloud.adobe.com https://*.flowpaper.com https://e.infogram.com https://td.doubleclick.net https://recruit.hirebridge.com https://maps.google.com https://app.getreprise.com https://cdn.bfldr.com https://*.crazyegg.com; frame-ancestors 'self' https://*.sovos.com;

upgrade-insecure-requests Source —

(no sources)

base-uri Keyword —

'none'

default-src Keyword —

'self'

default-src Host

Crazy Egg

https://*.crazyegg.com

connect-src Keyword —

'self'

connect-src Scheme —

https:

connect-src Scheme —

ws:

connect-src Host

Crazy Egg

https://*.crazyegg.com

img-src Keyword —

'self'

img-src Scheme —

https:

img-src Scheme —

data:

img-src Scheme —

blob:

img-src Host —

https://*.sovos.com

img-src Host —

https://cdn.bfldr.com

img-src Host

Crazy Egg

https://*.crazyegg.com

media-src Keyword —

'self'

media-src Scheme —

data:

media-src Scheme —

blob:

media-src Host —

https://*.sovos.com

object-src Keyword —

'self'

object-src Host —

https://*.sovos.com

object-src Host —

https://cdn.bfldr.com

script-src Keyword —

'self'

script-src Keyword —

'unsafe-inline'

script-src Keyword —

'unsafe-eval'

script-src Scheme —

https:

script-src Scheme —

data:

style-src Keyword —

'self'

style-src Keyword —

'unsafe-inline'

style-src Scheme —

https:

font-src Keyword —

'self'

font-src Scheme —

data:

font-src Scheme —

https:

worker-src Keyword —

'self'

worker-src Scheme —

blob:

frame-src Keyword —

'self'

frame-src Host —

https://*.sovos.com

frame-src Host

YouTube

https://*.youtube.com

frame-src Host

Adobe Marketo

https://*.marketo.com

ASN | Cloudflare

frame-src Host

Wistia

https://fast.wistia.com

frame-src Host

Wistia

https://fast.wistia.net

frame-src Host

Drift

https://js.driftt.com

frame-src Host

Google Search

https://www.google.com

frame-src Host

Google Tag Manager

https://www.googletagmanager.com

frame-src Host —

https://documentcloud.adobe.com

frame-src Host —

https://*.flowpaper.com

ASN | Cloudflare

frame-src Host —

https://e.infogram.com

frame-src Host

Google DoubleClick

https://td.doubleclick.net

frame-src Host —

https://recruit.hirebridge.com

ASN | Microsoft

frame-src Host

Google Maps

https://maps.google.com

frame-src Host

Reprise

https://app.getreprise.com

ASN | Google Cloud

frame-src Host —

https://cdn.bfldr.com

frame-src Host

Crazy Egg

https://*.crazyegg.com

frame-ancestors Keyword —

'self'

frame-ancestors Host —

https://*.sovos.com

Content-Security-Policy-Report-Only

No report-only CSP headers found.