Content-Security-Policy Analysis for https://wetransfer.com

Open Cached · just now

14 directives

Content-Security-Policy

No enforced CSP headers found.

Content-Security-Policy-Report-Only

Content-Security-Policy-Report-Only: default-src 'self'; script-src 'self' https://cdn.wetransfer.com 'nonce-4128aa5a-cc8c-47af-a8e4-dfa73acd522d' 'sha256-4hRuHNFOqK6I2GgL9T5HwGETI5qu8rNsCs1G/d5PPBk=' 'sha256-ZES/2z0cbUZYbmG6sgCzU453zUUUmmotyFwnZ7G8WaY=' 'sha256-NvzBT9rJnGEWMlHqwvXg6OHIegGdn5PsAP3YZ7RzmgE=' 'sha256-f/k++c7mXW35G13Y7R6PzP/vWuqKqAVF3ph0iisXZX0=' 'sha256-ws2EcVAq3u/bDFH4r+3pcRahQuX/HRlekAqTc6GnDWI=' 'sha256-Bd1r8fyU+a98FYknUDsYXLvQwPaw2Trg0SDQ0pT+cWY=' 'sha256-scue6/wrhAUP1T4+YMVMvhoJLHziYmv37BcJuN11XwM=' 'sha256-tUHp97FxQMwOfUs1KAvNxJvnntHhr1ukXQBr1sZ/vKA=' 'sha256-L8m6ygYvYlmr5M0s5E/t19ls7FHY3o5G8LFtd8UqytA=' 'sha256-cWB6LeQeTPFHH9QCg8VrP0sPJfqqdgDupHwitbxysNo=' 'sha256-1+tdasFuSYydtmIV8i2k8bpXyDasrvpd0i6vXt5p8xo=' 'sha256-pe6hK6/pXs86IrWP5sSJTjHKKgBqZoSjkbrMZLM0MQg=' 'wasm-unsafe-eval' blob: https://nolan.wetransfer.net https://nolan.wetransferbeta.net https://nolan.wetransferalpha.net https://accounts.google.com https://tagging.wetransfer.com https://www.googletagmanager.com https://bat.bing.com https://cdn.cookielaw.org https://js.stripe.com https://script.hotjar.com https://static.hotjar.com https://*.clarity.ms https://*.rokt.com https://*.hcaptcha.com https://*.typeform.com https://connect.facebook.net https://s.pinimg.com https://ct.pinterest.com https://*.brandmetrics.com https://*.amazon-adsystem.com https://*.crwdcntrl.net https://js.adsrvr.org https://securepubads.g.doubleclick.net https://googleads.g.doubleclick.net https://www.googleadservices.com https://www.google.com https://pagead2.googlesyndication.com https://*.zendesk.com https://static.zdassets.com https://ekr.zdassets.com https://privacy.wetransfer.com https://*.doubleverify.com https://aam.a47b.com https://cdn.xpln.tech; style-src 'self' https://cdn.wetransfer.com 'unsafe-inline' https://fonts.googleapis.com https://accounts.google.com https://*.typeform.com; style-src-elem 'self' https://cdn.wetransfer.com 'unsafe-inline' https://fonts.googleapis.com https://accounts.google.com https://*.typeform.com https://www.gstatic.com https://translate.googleapis.com; font-src 'self' https://cdn.wetransfer.com data: https://fonts.gstatic.com; img-src 'self' data: blob: https://*.zendesk.com https://*.zdassets.com https://*.wetransfer.com https://*.wetransfer.net https://*.wetransferbeta.net https://*.wetransferbeta.com https://*.hotjar.com https://bat.bing.com https://bat.bing.net https://cdn.cookielaw.org https://*.googleusercontent.com https://accounts.google.com https://www.googletagmanager.com https://*.amazonaws.com https://www.facebook.com https://connect.facebook.net https://ad.doubleclick.net https://googleads.g.doubleclick.net https://adservice.google.com https://www.google.com https://google.com https://pagead2.googlesyndication.com https://www.googleadservices.com https://*.doubleverify.com https://di.rlcdn.com https://*.brandmetrics.com https://*.clarity.ms https://data.ad-score.com https://*.adform.net https://fonts.gstatic.com https://ep1.adtrafficquality.google https://*.flashtalking.com https://*.adsafeprotected.com https://tracker.samplicio.us https://track.activemetering.com https://tag.researchnow.com https://gdesk.hit.gemius.pl https://secure.insightexpressai.com https://*.innovid.com https://secure-gl.imrworldwide.com https://translate.google.com; connect-src 'self' blob: https://wetransferbeta.com https://*.wetransferbeta.net https://*.wetransferbeta.com https://wetransfer.com https://*.wetransfer.net https://*.wetransfer.com https://*.datadoghq.eu https://browser-intake-datadoghq.eu https://*.browser-intake-datadoghq.eu https://*.hcaptcha.com https://*.stripe.com https://*.zendesk.com wss://*.zendesk.com https://*.zdassets.com https://app.launchdarkly.com wss://*.hotjar.com https://*.hotjar.io https://bat.bing.com https://bat.bing.net https://*.clarity.ms https://cdn.cookielaw.org https://*.onetrust.com https://fonts.googleapis.com https://accounts.google.com https://www.google.com https://www.googletagmanager.com https://*.rokt.com https://*.adzerk.net https://*.googlesyndication.com https://*.googleusercontent.com https://*.typeform.com https://*.amazonaws.com https://ct.pinterest.com https://*.amazon-adsystem.com https://ara.paa-reporting-advertising.amazon https://insight.adsrvr.org https://*.crwdcntrl.net https://*.ltmsphrcl.net https://x.bndspn.com https://apps.apple.com https://www.facebook.com https://www.google-analytics.com https://securepubads.g.doubleclick.net https://collector.brandmetrics.com https://googleads.g.doubleclick.net https://www.googleadservices.com https://google.com https://ep1.adtrafficquality.google https://csi.gstatic.com https://translate-pa.googleapis.com https://translate.googleapis.com; frame-src 'self' https://accounts.google.com https://tagging.wetransfer.com https://*.stripe.com https://*.hcaptcha.com https://collectapp.page.link https://debugcollectapp.page.link https://*.wetransfer.net https://*.wetransfer.com https://*.wetransferbeta.net https://*.wetransferbeta.com https://*.rokt.com https://match.adsrvr.org https://insight.adsrvr.org https://ct.pinterest.com https://*.crwdcntrl.net https://www.googletagmanager.com https://www.google.com https://cm.g.doubleclick.net https://ep2.adtrafficquality.google https://securepubads.g.doubleclick.net https://*.googlesyndication.com https://*.amazon-adsystem.com https://gum.criteo.com https://google-bidout-d.openx.net https://www.facebook.com https://*.trustpilot.com https://console.googletagservices.com; worker-src 'self' blob:; media-src 'self' blob: https://*.wetransfer.net https://*.wetransfer.com https://*.wetransferbeta.net https://*.wetransferbeta.com https://wetransferplusimages.s3.eu-west-1.amazonaws.com https://static.zdassets.com; object-src 'none'; base-uri 'self'; form-action 'self' https://webto.salesforce.com https://test.salesforce.com https://wetransfer.zendesk.com https://www.facebook.com; report-uri https://browser-intake-datadoghq.eu/api/v2/logs?dd-api-key=pubabbc81b16855ec184b0753bf36600da1&dd-evp-origin=content-security-policy&ddsource=csp-report&ddtags=service%3Afrontend-transfer%2Cenv%3Aproduction%2Cversion%3Aacc46db5e1cde547ef24c01533c7aeb6a95a0217

default-src Keyword —

'self'

script-src Keyword —

'self'

script-src Host —

https://cdn.wetransfer.com

ASN | Amazon

script-src Nonce —

'nonce-4128aa5a-cc8c-47af-a8e4-dfa73acd522d'

script-src Hash —

'sha256-4hRuHNFOqK6I2GgL9T5HwGETI5qu8rNsCs1G/d5PPBk='

script-src Hash —

'sha256-ZES/2z0cbUZYbmG6sgCzU453zUUUmmotyFwnZ7G8WaY='

script-src Hash —

'sha256-NvzBT9rJnGEWMlHqwvXg6OHIegGdn5PsAP3YZ7RzmgE='

script-src Hash —

'sha256-f/k++c7mXW35G13Y7R6PzP/vWuqKqAVF3ph0iisXZX0='

script-src Hash —

'sha256-ws2EcVAq3u/bDFH4r+3pcRahQuX/HRlekAqTc6GnDWI='

script-src Hash —

'sha256-Bd1r8fyU+a98FYknUDsYXLvQwPaw2Trg0SDQ0pT+cWY='

script-src Hash —

'sha256-scue6/wrhAUP1T4+YMVMvhoJLHziYmv37BcJuN11XwM='

script-src Hash —

'sha256-tUHp97FxQMwOfUs1KAvNxJvnntHhr1ukXQBr1sZ/vKA='

script-src Hash —

'sha256-L8m6ygYvYlmr5M0s5E/t19ls7FHY3o5G8LFtd8UqytA='

script-src Hash —

'sha256-cWB6LeQeTPFHH9QCg8VrP0sPJfqqdgDupHwitbxysNo='

script-src Hash —

'sha256-1+tdasFuSYydtmIV8i2k8bpXyDasrvpd0i6vXt5p8xo='

script-src Hash —

'sha256-pe6hK6/pXs86IrWP5sSJTjHKKgBqZoSjkbrMZLM0MQg='

script-src Keyword —

'wasm-unsafe-eval'

script-src Scheme —

blob:

script-src Host —

https://nolan.wetransfer.net

ASN | Amazon

script-src Host —

https://nolan.wetransferbeta.net

ASN | Amazon

script-src Host —

https://nolan.wetransferalpha.net

script-src Host

Google Sign-In

https://accounts.google.com

ASN | Google

script-src Host —

https://tagging.wetransfer.com

ASN | Amazon

script-src Host

Google Tag Manager

https://www.googletagmanager.com

ASN | Google

script-src Host

Microsoft Advertising

https://bat.bing.com

ASN | Microsoft

script-src Host

OneTrust

https://cdn.cookielaw.org

ASN | Cloudflare

script-src Host

Stripe

https://js.stripe.com

ASN | Amazon

script-src Host

Hotjar

https://script.hotjar.com

ASN | Amazon

script-src Host

Hotjar

https://static.hotjar.com

ASN | Amazon

script-src Host

Microsoft Clarity

https://*.clarity.ms

ASN | Microsoft

script-src Host —

https://*.rokt.com

ASN | Cloudflare

script-src Host

hCaptcha

https://*.hcaptcha.com

ASN | Cloudflare

script-src Host

Typeform

https://*.typeform.com

ASN | Amazon

script-src Host

Facebook

https://connect.facebook.net

ASN | Facebook

script-src Host

https://s.pinimg.com

ASN | Akamai

script-src Host

https://ct.pinterest.com

ASN | Akamai

script-src Host —

https://*.brandmetrics.com

ASN | Cloudflare

script-src Host

Amazon Advertising

https://*.amazon-adsystem.com

ASN | Amazon

script-src Host —

https://*.crwdcntrl.net

script-src Host

The Trade Desk

https://js.adsrvr.org

ASN | Amazon

script-src Host

Google DoubleClick

https://securepubads.g.doubleclick.net

ASN | Google

script-src Host

Google DoubleClick

https://googleads.g.doubleclick.net

ASN | Google

script-src Host

Google Conversion Tracking

https://www.googleadservices.com

ASN | Google

script-src Host

Google Search

https://www.google.com

ASN | Google

script-src Host

Google AdSense

https://pagead2.googlesyndication.com

ASN | Google

script-src Host

Zendesk

https://*.zendesk.com

ASN | Cloudflare

script-src Host

Zendesk

https://static.zdassets.com

ASN | Cloudflare

script-src Host —

https://ekr.zdassets.com

ASN | Cloudflare

script-src Host —

https://privacy.wetransfer.com

ASN | Amazon

script-src Host

DoubleVerify

https://*.doubleverify.com

ASN | Cloudflare

script-src Host —

https://aam.a47b.com

ASN | Amazon

script-src Host —

https://cdn.xpln.tech

ASN | Google Cloud

style-src Keyword —

'self'

style-src Host —

https://cdn.wetransfer.com

ASN | Amazon

style-src Keyword —

'unsafe-inline'

style-src Host

Google Fonts

https://fonts.googleapis.com

ASN | Google

style-src Host

Google Sign-In

https://accounts.google.com

ASN | Google

style-src Host

Typeform

https://*.typeform.com

ASN | Amazon

style-src-elem Keyword —

'self'

style-src-elem Host —

https://cdn.wetransfer.com

ASN | Amazon

style-src-elem Keyword —

'unsafe-inline'

style-src-elem Host

Google Fonts

https://fonts.googleapis.com

ASN | Google

style-src-elem Host

Google Sign-In

https://accounts.google.com

ASN | Google

style-src-elem Host

Typeform

https://*.typeform.com

ASN | Amazon

style-src-elem Host

Google Static File Front End

https://www.gstatic.com

ASN | Google

style-src-elem Host

Google Translate

https://translate.googleapis.com

ASN | Google

font-src Keyword —

'self'

font-src Host —

https://cdn.wetransfer.com

ASN | Amazon

font-src Scheme —

data:

font-src Host

Google Fonts

https://fonts.gstatic.com

ASN | Google

img-src Keyword —

'self'

img-src Scheme —

data:

img-src Scheme —

blob:

img-src Host

Zendesk

https://*.zendesk.com

ASN | Cloudflare

img-src Host —

https://*.zdassets.com

img-src Host —

https://*.wetransfer.com

ASN | Amazon

img-src Host —

https://*.wetransfer.net

ASN | Amazon

img-src Host —

https://*.wetransferbeta.net

img-src Host —

https://*.wetransferbeta.com

ASN | Amazon

img-src Host

Hotjar

https://*.hotjar.com

ASN | Amazon

img-src Host

Microsoft Advertising

https://bat.bing.com

ASN | Microsoft

img-src Host

Microsoft Advertising

https://bat.bing.net

ASN | Microsoft

img-src Host

OneTrust

https://cdn.cookielaw.org

ASN | Cloudflare

img-src Host

Google Cloud Storage

https://*.googleusercontent.com

ASN | Google

img-src Host

Google Sign-In

https://accounts.google.com

ASN | Google

img-src Host

Google Tag Manager

https://www.googletagmanager.com

ASN | Google

img-src Host

AWS

https://*.amazonaws.com

ASN | Amazon

img-src Host

Facebook

https://www.facebook.com

ASN | Facebook

img-src Host

Facebook

https://connect.facebook.net

ASN | Facebook

img-src Host

Google DoubleClick

https://ad.doubleclick.net

ASN | Google

img-src Host

Google DoubleClick

https://googleads.g.doubleclick.net

ASN | Google

img-src Host

Google Conversion Tracking

https://adservice.google.com

ASN | Google

img-src Host

Google Search

https://www.google.com

ASN | Google

img-src Host

Google Search

https://google.com

ASN | Google

img-src Host

Google AdSense

https://pagead2.googlesyndication.com

ASN | Google

img-src Host

Google Conversion Tracking

https://www.googleadservices.com

ASN | Google

img-src Host

DoubleVerify

https://*.doubleverify.com

ASN | Cloudflare

img-src Host

Liveramp

https://di.rlcdn.com

ASN | Google Cloud

img-src Host —

https://*.brandmetrics.com

ASN | Cloudflare

img-src Host

Microsoft Clarity

https://*.clarity.ms

ASN | Microsoft

img-src Host —

https://data.ad-score.com

ASN | Google Cloud

img-src Host —

https://*.adform.net

ASN | ADFORM Adform A/S

img-src Host

Google Fonts

https://fonts.gstatic.com

ASN | Google

img-src Host

Google AdSense

https://ep1.adtrafficquality.google

ASN | Google

img-src Host —

https://*.flashtalking.com

ASN | DigitalOcean

img-src Host —

https://*.adsafeprotected.com

ASN | Amazon

img-src Host Samplicio

https://tracker.samplicio.us

ASN | Amazon

img-src Host —

https://track.activemetering.com

ASN | Amazon

img-src Host —

https://tag.researchnow.com

ASN | Amazon

img-src Host —

https://gdesk.hit.gemius.pl

ASN | OVH

img-src Host —

https://secure.insightexpressai.com

ASN | Akamai

img-src Host —

https://*.innovid.com

ASN | Cloudflare

img-src Host —

https://secure-gl.imrworldwide.com

ASN | Amazon

img-src Host

Google Translate

https://translate.google.com

ASN | Google

connect-src Keyword —

'self'

connect-src Scheme —

blob:

connect-src Host —

https://wetransferbeta.com

ASN | Amazon

connect-src Host —

https://*.wetransferbeta.net

connect-src Host —

https://*.wetransferbeta.com

ASN | Amazon

connect-src Host —

https://wetransfer.com

ASN | Amazon

connect-src Host —

https://*.wetransfer.net

ASN | Amazon

connect-src Host —

https://*.wetransfer.com

ASN | Amazon

connect-src Host —

https://*.datadoghq.eu

ASN | Google Cloud

connect-src Host

Datadog

https://browser-intake-datadoghq.eu

ASN | Google Cloud

connect-src Host

Datadog

https://*.browser-intake-datadoghq.eu

ASN | Google Cloud

connect-src Host

hCaptcha

https://*.hcaptcha.com

ASN | Cloudflare

connect-src Host

Stripe

https://*.stripe.com

ASN | Amazon

connect-src Host

Zendesk

https://*.zendesk.com

ASN | Cloudflare

connect-src Host

Zendesk

wss://*.zendesk.com

ASN | Cloudflare

connect-src Host —

https://*.zdassets.com

connect-src Host

LaunchDarkly

https://app.launchdarkly.com

ASN | Fastly

connect-src Host

Hotjar

wss://*.hotjar.com

ASN | Amazon

connect-src Host

Hotjar

https://*.hotjar.io

connect-src Host

Microsoft Advertising

https://bat.bing.com

ASN | Microsoft

connect-src Host

Microsoft Advertising

https://bat.bing.net

ASN | Microsoft

connect-src Host

Microsoft Clarity

https://*.clarity.ms

ASN | Microsoft

connect-src Host

OneTrust

https://cdn.cookielaw.org

ASN | Cloudflare

connect-src Host

OneTrust

https://*.onetrust.com

ASN | Cloudflare

connect-src Host

Google Fonts

https://fonts.googleapis.com

ASN | Google

connect-src Host

Google Sign-In

https://accounts.google.com

ASN | Google

connect-src Host

Google Search

https://www.google.com

ASN | Google

connect-src Host

Google Tag Manager

https://www.googletagmanager.com

ASN | Google

connect-src Host —

https://*.rokt.com

ASN | Cloudflare

connect-src Host —

https://*.adzerk.net

connect-src Host

Google AdSense

https://*.googlesyndication.com

ASN | Google

connect-src Host

Google Cloud Storage

https://*.googleusercontent.com

ASN | Google

connect-src Host

Typeform

https://*.typeform.com

ASN | Amazon

connect-src Host

AWS

https://*.amazonaws.com

ASN | Amazon

connect-src Host

https://ct.pinterest.com

ASN | Akamai

connect-src Host

Amazon Advertising

https://*.amazon-adsystem.com

ASN | Amazon

connect-src Host —

https://ara.paa-reporting-advertising.amazon

ASN | Amazon

connect-src Host

The Trade Desk

https://insight.adsrvr.org

ASN | Amazon

connect-src Host —

https://*.crwdcntrl.net

connect-src Host —

https://*.ltmsphrcl.net

connect-src Host —

https://x.bndspn.com

ASN | Google Cloud

connect-src Host —

https://apps.apple.com

ASN | Akamai

connect-src Host

Facebook

https://www.facebook.com

ASN | Facebook

connect-src Host

Google Analytics

https://www.google-analytics.com

ASN | Google

connect-src Host

Google DoubleClick

https://securepubads.g.doubleclick.net

ASN | Google

connect-src Host —

https://collector.brandmetrics.com

ASN | Cloudflare

connect-src Host

Google DoubleClick

https://googleads.g.doubleclick.net

ASN | Google

connect-src Host

Google Conversion Tracking

https://www.googleadservices.com

ASN | Google

connect-src Host

Google Search

https://google.com

ASN | Google

connect-src Host

Google AdSense

https://ep1.adtrafficquality.google

ASN | Google

connect-src Host

Google Maps

https://csi.gstatic.com

ASN | Google

connect-src Host

Google API JS Client

https://translate-pa.googleapis.com

ASN | Google

connect-src Host

Google Translate

https://translate.googleapis.com

ASN | Google

frame-src Keyword —

'self'

frame-src Host

Google Sign-In

https://accounts.google.com

ASN | Google

frame-src Host —

https://tagging.wetransfer.com

ASN | Amazon

frame-src Host

Stripe

https://*.stripe.com

ASN | Amazon

frame-src Host

hCaptcha

https://*.hcaptcha.com

ASN | Cloudflare

frame-src Host —

https://collectapp.page.link

ASN | Google

frame-src Host —

https://debugcollectapp.page.link

ASN | Google

frame-src Host —

https://*.wetransfer.net

ASN | Amazon

frame-src Host —

https://*.wetransfer.com

ASN | Amazon

frame-src Host —

https://*.wetransferbeta.net

frame-src Host —

https://*.wetransferbeta.com

ASN | Amazon

frame-src Host —

https://*.rokt.com

ASN | Cloudflare

frame-src Host

The Trade Desk

https://match.adsrvr.org

ASN | Amazon

frame-src Host

The Trade Desk

https://insight.adsrvr.org

ASN | Amazon

frame-src Host

https://ct.pinterest.com

ASN | Akamai

frame-src Host —

https://*.crwdcntrl.net

frame-src Host

Google Tag Manager

https://www.googletagmanager.com

ASN | Google

frame-src Host

Google Search

https://www.google.com

ASN | Google

frame-src Host

Google DoubleClick

https://cm.g.doubleclick.net

ASN | Google

frame-src Host

Google AdSense

https://ep2.adtrafficquality.google

ASN | Google

frame-src Host

Google DoubleClick

https://securepubads.g.doubleclick.net

ASN | Google

frame-src Host

Google AdSense

https://*.googlesyndication.com

ASN | Google

frame-src Host

Amazon Advertising

https://*.amazon-adsystem.com

ASN | Amazon

frame-src Host

Criteo

https://gum.criteo.com

ASN | ASN-CRITEO-EUROPE Criteo Technology SAS

frame-src Host

OpenX

https://google-bidout-d.openx.net

ASN | Google Cloud

frame-src Host

Facebook

https://www.facebook.com

ASN | Facebook

frame-src Host

Trustpilot

https://*.trustpilot.com

ASN | Amazon

frame-src Host

Google DoubleClick

https://console.googletagservices.com

ASN | Google

worker-src Keyword —

'self'

worker-src Scheme —

blob:

media-src Keyword —

'self'

media-src Scheme —

blob:

media-src Host —

https://*.wetransfer.net

ASN | Amazon

media-src Host —

https://*.wetransfer.com

ASN | Amazon

media-src Host —

https://*.wetransferbeta.net

media-src Host —

https://*.wetransferbeta.com

ASN | Amazon

media-src Host

AWS

https://wetransferplusimages.s3.eu-west-1.amazonaws.com

ASN | Amazon

media-src Host

Zendesk

https://static.zdassets.com

ASN | Cloudflare

object-src Keyword —

'none'

base-uri Keyword —

'self'

form-action Keyword —

'self'

form-action Host

Salesforce Cloud

https://webto.salesforce.com

ASN | Salesforce

form-action Host

Salesforce Cloud

https://test.salesforce.com

ASN | Salesforce

form-action Host

Zendesk

https://wetransfer.zendesk.com

ASN | Cloudflare

form-action Host

Facebook

https://www.facebook.com

ASN | Facebook

report-uri Host

Datadog

https://browser-intake-datadoghq.eu/api/v2/logs?dd-api-key=pubabbc81b16855ec184b0753bf36600da1&dd-evp-origin=content-security-policy&ddsource=csp-report&ddtags=service%3Afrontend-transfer%2Cenv%3Aproduction%2Cversion%3Aacc46db5e1cde547ef24c01533c7aeb6a95a0217

ASN | Google Cloud