Content-Security-Policy Analysis for https://trust.upstart.com

Open Cached · just now

7 directives

Content-Security-Policy

Content-Security-Policy: frame-src 'self' https://app.workato.com https://app.hubspot.com https://td.doubleclick.net https://www.googletagmanager.com data: https://prod-reports.visotrust.com https://support.visotrust.com; script-src 'self' 'unsafe-eval' 'sha256-aKk4sKPFGvNySDwHJpMXAROJz5pNjxX9Xjllcqa5tc0=' 'sha256-6TI4qFc8sUWb+GH233OczmkSIzaGxufDtf0WkpnmT1A=' https://googleads.g.doubleclick.net/pagead/viewthroughconversion/ https://www.googletagmanager.com/debug/ https://www.googletagmanager.com/gtm.js https://www.googletagmanager.com/gtag/ https://js.hscollectedforms.net https://js.hs-analytics.net https://js.hsadspixel.net https://js.usemessages.com https://js.hs-banner.com https://js.hs-scripts.com https://*.hs-scripts.com https://snap.licdn.com https://cdn.logrocket.io https://cdn.lr-ingest.io https://cdn.lr-in.com https://cdn.lr-in-prod.com https://cdn.lr-ingest.com https://cdn.ingest-lr.com https://cdn.lr-intake.com https://js.hs-scripts.com; style-src-elem 'self' 'unsafe-inline' https://www.googletagmanager.com https://fonts.googleapis.com https://global.oktacdn.com; img-src https://forms.hsforms.com https://fonts.gstatic.com https://www.google.com https://px.ads.linkedin.com https://*.linkedin.com https://track.hubspot.com https://www.googletagmanager.com 'self' blob: data: https://px.ads.linkedin.com https://global.oktacdn.com https://static.visotrust.com https://googletagmanager.com; font-src 'self' https://fonts.gstatic.com https://global.oktacdn.com; object-src 'none'; worker-src 'self' blob:;

frame-src Keyword —

'self'

frame-src Host

Workato

https://app.workato.com

frame-src Host

HubSpot

https://app.hubspot.com

ASN | Cloudflare

frame-src Host

Google DoubleClick

https://td.doubleclick.net

frame-src Host

Google Tag Manager

https://www.googletagmanager.com

frame-src Scheme —

data:

frame-src Host —

https://prod-reports.visotrust.com

ASN | Cloudflare

frame-src Host —

https://support.visotrust.com

ASN | Google Cloud

script-src Keyword —

'self'

script-src Keyword —

'unsafe-eval'

script-src Hash —

'sha256-aKk4sKPFGvNySDwHJpMXAROJz5pNjxX9Xjllcqa5tc0='

script-src Hash —

'sha256-6TI4qFc8sUWb+GH233OczmkSIzaGxufDtf0WkpnmT1A='

script-src Host

Google DoubleClick

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/

script-src Host

Google Tag Manager

https://www.googletagmanager.com/debug/

script-src Host

Google Tag Manager

https://www.googletagmanager.com/gtm.js

script-src Host

Google Tag Manager

https://www.googletagmanager.com/gtag/

script-src Host

HubSpot Forms

https://js.hscollectedforms.net

ASN | Cloudflare

script-src Host

HubSpot Analytics

https://js.hs-analytics.net

ASN | Cloudflare

script-src Host

HubSpot

https://js.hsadspixel.net

ASN | Cloudflare

script-src Host

HubSpot Live Chat

https://js.usemessages.com

ASN | Cloudflare

script-src Host

HubSpot

https://js.hs-banner.com

ASN | Cloudflare

script-src Host

HubSpot

https://js.hs-scripts.com

ASN | Cloudflare

script-src Host

HubSpot

https://*.hs-scripts.com

script-src Host

LinkedIn

https://snap.licdn.com

script-src Host —

https://cdn.logrocket.io

ASN | Cloudflare

script-src Host —

https://cdn.lr-ingest.io

ASN | Cloudflare

script-src Host —

https://cdn.lr-in.com

ASN | Cloudflare

script-src Host —

https://cdn.lr-in-prod.com

ASN | Cloudflare

script-src Host —

https://cdn.lr-ingest.com

ASN | Cloudflare

script-src Host —

https://cdn.ingest-lr.com

ASN | Cloudflare

script-src Host —

https://cdn.lr-intake.com

ASN | Cloudflare

script-src Host

HubSpot

https://js.hs-scripts.com

ASN | Cloudflare

style-src-elem Keyword —

'self'

style-src-elem Keyword —

'unsafe-inline'

style-src-elem Host

Google Tag Manager

https://www.googletagmanager.com

style-src-elem Host

Google Fonts

https://fonts.googleapis.com

style-src-elem Host —

https://global.oktacdn.com

img-src Host

HubSpot Forms

https://forms.hsforms.com

ASN | Cloudflare

img-src Host

Google Fonts

https://fonts.gstatic.com

img-src Host

Google Search

https://www.google.com

img-src Host

LinkedIn

https://px.ads.linkedin.com

ASN | Microsoft

img-src Host

LinkedIn

https://*.linkedin.com

ASN | Microsoft

img-src Host

HubSpot

https://track.hubspot.com

ASN | Cloudflare

img-src Host

Google Tag Manager

https://www.googletagmanager.com

img-src Keyword —

'self'

img-src Scheme —

blob:

img-src Scheme —

data:

img-src Host

LinkedIn

https://px.ads.linkedin.com

ASN | Microsoft

img-src Host —

https://global.oktacdn.com

img-src Host —

https://static.visotrust.com

img-src Host

Google Tag Manager

https://googletagmanager.com

font-src Keyword —

'self'

font-src Host

Google Fonts

https://fonts.gstatic.com

font-src Host —

https://global.oktacdn.com

object-src Keyword —

'none'

worker-src Keyword —

'self'

worker-src Scheme —

blob:

Content-Security-Policy-Report-Only

No report-only CSP headers found.