Content-Security-Policy Analysis for https://user.pearlcertification.com

Open Cached · just now

17 directives

Content-Security-Policy

Content-Security-Policy: frame-ancestors 'self'; block-all-mixed-content; default-src 'self'; script-src 'self' 'report-sample' 'unsafe-inline' 'unsafe-eval' https://*.cloudfront.net https://googletagmanager.com https://maps.googleapis.com https://maps.google.com https://script.hotjar.com https://static.hotjar.com https://tagmanager.google.com https://www.googletagmanager.com code.jquery.com https://js.recurly.com https://cdnjs.cloudflare.com; style-src 'self' 'report-sample' 'unsafe-inline' *.cloudfront.net fonts.googleapis.com tagmanager.google.com www.googletagmanager.com code.jquery.com https://js.recurly.com; object-src 'none'; frame-src 'self' maps.googleapis.com maps.google.com vars.hotjar.com www.googletagmanager.com *.pandadoc.com https://api.recurly.com; child-src 'self' www.googletagmanager.com; img-src 'self' data: blob: *.gstatic.com *.googleapis.com *.ggpht.com *.cloudfront.net maps.google.com res.cloudinary.com script.hotjar.com www.googletagmanager.com; font-src 'self' data: *.cloudfront.net fonts.googleapis.com fonts.gstatic.com res.cloudinary.com script.hotjar.com; connect-src 'self' *.api.smartystreets.com *.hotjar.com *.hotjar.io fonts.gstatic.com fonts.googleapis.com maps.google.com maps.googleapis.com region1.google-analytics.com res.cloudinary.com www.googletagmanager.com https://api.recurly.com https://*.api.pearlcertification.com https://api.pearlcertification.com; manifest-src 'self'; base-uri 'self'; form-action 'self'; media-src 'self' res.cloudinary.com; prefetch-src 'self'; worker-src 'self';

frame-ancestors Keyword —

'self'

block-all-mixed-content Source —

(no sources)

default-src Keyword —

'self'

script-src Keyword —

'self'

script-src Keyword —

'report-sample'

script-src Keyword —

'unsafe-inline'

script-src Keyword —

'unsafe-eval'

script-src Host

AWS CloudFront

https://*.cloudfront.net

script-src Host

Google Tag Manager

https://googletagmanager.com

script-src Host

Google Maps

https://maps.googleapis.com

script-src Host

Google Maps

https://maps.google.com

script-src Host

Hotjar

https://script.hotjar.com

script-src Host

Hotjar

https://static.hotjar.com

script-src Host

Google Tag Manager

https://tagmanager.google.com

script-src Host

Google Tag Manager

https://www.googletagmanager.com

script-src Host

jQuery

code.jquery.com

script-src Host

Recurly

https://js.recurly.com

ASN | Google Cloud

script-src Host

Cloudflare CDNJS

https://cdnjs.cloudflare.com

ASN | Cloudflare

style-src Keyword —

'self'

style-src Keyword —

'report-sample'

style-src Keyword —

'unsafe-inline'

style-src Host

AWS CloudFront

*.cloudfront.net

style-src Host

Google Fonts

fonts.googleapis.com

style-src Host

Google Tag Manager

tagmanager.google.com

style-src Host

Google Tag Manager

www.googletagmanager.com

style-src Host

jQuery

code.jquery.com

style-src Host

Recurly

https://js.recurly.com

ASN | Google Cloud

object-src Keyword —

'none'

frame-src Keyword —

'self'

frame-src Host

Google Maps

maps.googleapis.com

frame-src Host

Google Maps

maps.google.com

frame-src Host

Hotjar

vars.hotjar.com

frame-src Host

Google Tag Manager

www.googletagmanager.com

frame-src Host —

*.pandadoc.com

ASN | Incapsula

frame-src Host

Recurly

https://api.recurly.com

ASN | Google Cloud

child-src Keyword —

'self'

child-src Host

Google Tag Manager

www.googletagmanager.com

img-src Keyword —

'self'

img-src Scheme —

data:

img-src Scheme —

blob:

img-src Host

Google Static File Front End

*.gstatic.com

img-src Host

Google API JS Client

*.googleapis.com

img-src Host —

*.ggpht.com

img-src Host

AWS CloudFront

*.cloudfront.net

img-src Host

Google Maps

maps.google.com

img-src Host

Cloudinary

res.cloudinary.com

ASN | Cloudflare

img-src Host

Hotjar

script.hotjar.com

img-src Host

Google Tag Manager

www.googletagmanager.com

font-src Keyword —

'self'

font-src Scheme —

data:

font-src Host

AWS CloudFront

*.cloudfront.net

font-src Host

Google Fonts

fonts.googleapis.com

font-src Host

Google Fonts

fonts.gstatic.com

font-src Host

Cloudinary

res.cloudinary.com

ASN | Cloudflare

font-src Host

Hotjar

script.hotjar.com

connect-src Keyword —

'self'

connect-src Host —

*.api.smartystreets.com

ASN | UPCLOUDUSA - UpCloud USA Inc

connect-src Host

Hotjar

*.hotjar.com

connect-src Host

Hotjar

*.hotjar.io

connect-src Host

Google Fonts

fonts.gstatic.com

connect-src Host

Google Fonts

fonts.googleapis.com

connect-src Host

Google Maps

maps.google.com

connect-src Host

Google Maps

maps.googleapis.com

connect-src Host

Google Analytics

region1.google-analytics.com

connect-src Host

Cloudinary

res.cloudinary.com

ASN | Cloudflare

connect-src Host

Google Tag Manager

www.googletagmanager.com

connect-src Host

Recurly

https://api.recurly.com

ASN | Google Cloud

connect-src Host —

https://*.api.pearlcertification.com

connect-src Host —

https://api.pearlcertification.com

manifest-src Keyword —

'self'

base-uri Keyword —

'self'

form-action Keyword —

'self'

media-src Keyword —

'self'

media-src Host

Cloudinary

res.cloudinary.com

ASN | Cloudflare

prefetch-src Keyword —

'self'

worker-src Keyword —

'self'

Content-Security-Policy-Report-Only

No report-only CSP headers found.