Content-Security-Policy Analysis for https://trust.wolfia.com

Open Cached · just now

12 directives

Content-Security-Policy

Content-Security-Policy: default-src 'self' https://*.cloudfront.net https://cdn.wolfia.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://js.sentry-cdn.com https://apis.google.com https://accounts.google.com https://connect.nango.dev https://us-assets.i.posthog.com https://cdnjs.cloudflare.com https://*.cloudfront.net https://cdn.wolfia.com https://cookiechimp.com https://cdn.jsdelivr.net https://app.chatwoot.com https://cdn.vector.co https://d-code.liadm.com https://*.usbrowserspeed.com https://www.googletagmanager.com https://snap.licdn.com; worker-src 'self' blob: https://cdnjs.cloudflare.com https://*.cloudfront.net https://cdn.wolfia.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://rsms.me https://*.cloudfront.net https://cdn.wolfia.com https://cdn.jsdelivr.net; img-src 'self' data: https://*.googleusercontent.com https://*.randomuser.me https://*.amazonaws.com https://*.cloudfront.net https://cdn.wolfia.com https://us-assets.i.posthog.com https://us.i.posthog.com https://workoscdn.com https://*.liadm.com https://*.logo.dev https://*.theorg.com https://*.google-analytics.com https://*.googletagmanager.com https://www.google.com https://www.google.com.au https://px.ads.linkedin.com; font-src 'self' https://fonts.gstatic.com https://rsms.me https://*.cloudfront.net https://cdn.wolfia.com; connect-src 'self' https://api.wolfia.com https://api-dev.wolfia.com wss://api.wolfia.com wss://api-dev.wolfia.com *.sentry.io https://api.nango.dev https://us.i.posthog.com https://us-assets.i.posthog.com *.amazonaws.com https://*.cloudfront.net https://cdn.wolfia.com https://cookiechimp.com https://app.chatwoot.com wss://app.chatwoot.com https://cdn.jsdelivr.net https://*.mesh-interactive.com https://api.withmesh.com https://api.ipify.org https://*.usbrowserspeed.com https://d-code.liadm.com https://*.liadm.com https://api.vector.co https://pro.ip-api.com https://graph.microsoft.com https://*.sharepoint.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://px.ads.linkedin.com https://snap.licdn.com; frame-ancestors 'none'; frame-src 'self' https://connect.nango.dev https://docs.google.com *.amazonaws.com https://cookiechimp.com https://app.chatwoot.com https://*.liadm.com https://www.youtube.com; manifest-src 'self' https://*.cloudfront.net https://cdn.wolfia.com; base-uri 'self'; form-action 'self' https://*.sharepoint.com

default-src Keyword —

'self'

default-src Host

AWS CloudFront

https://*.cloudfront.net

default-src Host

Wolfia

https://cdn.wolfia.com

script-src Keyword —

'self'

script-src Keyword —

'unsafe-eval'

script-src Keyword —

'unsafe-inline'

script-src Host

Sentry

https://js.sentry-cdn.com

script-src Host

Google API JS Client

https://apis.google.com

script-src Host

Google Sign-In

https://accounts.google.com

script-src Host —

https://connect.nango.dev

script-src Host

PostHog

https://us-assets.i.posthog.com

ASN | Cloudflare

script-src Host

Cloudflare CDNJS

https://cdnjs.cloudflare.com

ASN | Cloudflare

script-src Host

AWS CloudFront

https://*.cloudfront.net

script-src Host

Wolfia

https://cdn.wolfia.com

script-src Host —

https://cookiechimp.com

ASN | Cloudflare

script-src Host

jsDelivr

https://cdn.jsdelivr.net

script-src Host —

https://app.chatwoot.com

script-src Host

Vector

https://cdn.vector.co

script-src Host —

https://d-code.liadm.com

script-src Host —

https://*.usbrowserspeed.com

script-src Host

Google Tag Manager

https://www.googletagmanager.com

script-src Host

LinkedIn

https://snap.licdn.com

worker-src Keyword —

'self'

worker-src Scheme —

blob:

worker-src Host

Cloudflare CDNJS

https://cdnjs.cloudflare.com

ASN | Cloudflare

worker-src Host

AWS CloudFront

https://*.cloudfront.net

worker-src Host

Wolfia

https://cdn.wolfia.com

style-src Keyword —

'self'

style-src Keyword —

'unsafe-inline'

style-src Host

Google Fonts

https://fonts.googleapis.com

style-src Host —

https://rsms.me

ASN | Cloudflare

style-src Host

AWS CloudFront

https://*.cloudfront.net

style-src Host

Wolfia

https://cdn.wolfia.com

style-src Host

jsDelivr

https://cdn.jsdelivr.net

img-src Keyword —

'self'

img-src Scheme —

data:

img-src Host

Google Cloud Storage

https://*.googleusercontent.com

img-src Host —

https://*.randomuser.me

ASN | Cloudflare

img-src Host

AWS

https://*.amazonaws.com

img-src Host

AWS CloudFront

https://*.cloudfront.net

img-src Host

Wolfia

https://cdn.wolfia.com

img-src Host

PostHog

https://us-assets.i.posthog.com

ASN | Cloudflare

img-src Host

PostHog

https://us.i.posthog.com

img-src Host

WorkOS

https://workoscdn.com

ASN | Cloudflare

img-src Host —

https://*.liadm.com

img-src Host

Logo.dev

https://*.logo.dev

img-src Host —

https://*.theorg.com

img-src Host

Google Analytics

https://*.google-analytics.com

img-src Host

Google Tag Manager

https://*.googletagmanager.com

img-src Host

Google Search

https://www.google.com

img-src Host —

https://www.google.com.au

img-src Host

LinkedIn

https://px.ads.linkedin.com

ASN | Microsoft

font-src Keyword —

'self'

font-src Host

Google Fonts

https://fonts.gstatic.com

font-src Host —

https://rsms.me

ASN | Cloudflare

font-src Host

AWS CloudFront

https://*.cloudfront.net

font-src Host

Wolfia

https://cdn.wolfia.com

connect-src Keyword —

'self'

connect-src Host

Wolfia

https://api.wolfia.com

connect-src Host

Wolfia

https://api-dev.wolfia.com

connect-src Host

Wolfia

wss://api.wolfia.com

connect-src Host

Wolfia

wss://api-dev.wolfia.com

connect-src Host

Sentry

*.sentry.io

ASN | Google Cloud

connect-src Host —

https://api.nango.dev

connect-src Host

PostHog

https://us.i.posthog.com

connect-src Host

PostHog

https://us-assets.i.posthog.com

ASN | Cloudflare

connect-src Host

AWS

*.amazonaws.com

connect-src Host

AWS CloudFront

https://*.cloudfront.net

connect-src Host

Wolfia

https://cdn.wolfia.com

connect-src Host —

https://cookiechimp.com

ASN | Cloudflare

connect-src Host —

https://app.chatwoot.com

connect-src Host —

wss://app.chatwoot.com

connect-src Host

jsDelivr

https://cdn.jsdelivr.net

connect-src Host —

https://*.mesh-interactive.com

connect-src Host —

https://api.withmesh.com

connect-src Host

ipify

https://api.ipify.org

ASN | Cloudflare

connect-src Host —

https://*.usbrowserspeed.com

connect-src Host —

https://d-code.liadm.com

connect-src Host —

https://*.liadm.com

connect-src Host

Vector

https://api.vector.co

connect-src Host

IP-API

https://pro.ip-api.com

ASN | AS-GLOBALTELEHOST - GTHost

connect-src Host —

https://graph.microsoft.com

ASN | Microsoft

connect-src Host

Microsoft SharePoint

https://*.sharepoint.com

ASN | Microsoft

connect-src Host

Google Analytics

https://*.google-analytics.com

connect-src Host

Google Analytics

https://*.analytics.google.com

connect-src Host

Google Tag Manager

https://*.googletagmanager.com

connect-src Host

LinkedIn

https://px.ads.linkedin.com

ASN | Microsoft

connect-src Host

LinkedIn

https://snap.licdn.com

frame-ancestors Keyword —

'none'

frame-src Keyword —

'self'

frame-src Host —

https://connect.nango.dev

frame-src Host

G Workspace

https://docs.google.com

frame-src Host

AWS

*.amazonaws.com

frame-src Host —

https://cookiechimp.com

ASN | Cloudflare

frame-src Host —

https://app.chatwoot.com

frame-src Host —

https://*.liadm.com

frame-src Host

YouTube

https://www.youtube.com

manifest-src Keyword —

'self'

manifest-src Host

AWS CloudFront

https://*.cloudfront.net

manifest-src Host

Wolfia

https://cdn.wolfia.com

base-uri Keyword —

'self'

form-action Keyword —

'self'

form-action Host

Microsoft SharePoint

https://*.sharepoint.com

ASN | Microsoft

Content-Security-Policy-Report-Only

No report-only CSP headers found.