Content-Security-Policy Analysis for https://www.squared.com

Open Cached · just now

5 directives

Content-Security-Policy

Content-Security-Policy: upgrade-insecure-requests
Content-Security-Policy-Report-Only: default-src 'self' blob: https: data: mediastream: 'unsafe-eval' 'unsafe-inline'; connect-src cdn.builder.codes *.builder.io *.schneider-electric.com *.se.com glue.pes-stg.cloud.spryker.toys service.force.com *.apc.com nebula-cdn.kampyle.com ubt-eu.kampyle.com sbt-prod.kampyle.com udc-neb.kampyle.com *.ariba.com *.amazonaws.com twitter.com zinfi.net firebaselogging-pa.googleapis.com firebaseremoteconfig.googleapis.com firebaseinstallations.googleapis.com resources.digital-cloud.medallia.eu/ partnerassessment.secure.force.com se.my.salesforce.com se.my.salesforce-sites.com *.salesforceliveagent.com *.squared.com/* *.onetrust.com seadvantage.force.com:443/ seadvantage.my.site.com:443/ seadvantage.my.site.com/* *.pendo.io tag.commander1.com www.google-analytics.com *.google.com salesforce.com salesforceliveagent.com documentforce.com kampyle.com force.com cookielaw.org unpkg.com cdn.jsdelivr.net *.demandbase.com twimg.com *.twimg.com *.youtube.com *.zinfi.net *.google.ru akstat.io *.go-mpulse.net/* microsoft.com *.clipsal.com/* cdn.cookielaw.org maxcdn.bootstrapcdn.com *.dynatrace.com *.kampyle.com *.google-analytics.com *.amazoncognito.com *.doubleclick.net googlemaps.github.io *.googlemaps.github.io/* maps.googleapis.com *.googleapis.com *.zscaler.net static.lightning.force.com www.apc.com api.company-target.com js-cdn.dynatrace.com c.go-mpulse.net *.akstat.io *.applanga.com 'self' *.akstat.io/ *.d2osz8slymlqdp.cloudfront.net *.google.com.sa *.google.by su.symexbelgium.com d2osz8slymlqdp.cloudfront.net d2cbq57joo8non.cloudfront.net use.typekit.net wss://*.execute-api.us-east-1.amazonaws.com wss://*.iot.us-east-1.amazonaws.com wss://4g5de7bcl4.execute-api.us-east-1.amazonaws.com wss://545sekhka2.execute-api.us-east-1.amazonaws.com wss://a307bjgfbycsj5-ats.iot.us-east-1.amazonaws.com wss://fjwji5pjgbbzzp2xmyispmyo6u.appsync-realtime-api.us-east-1.amazonaws.com wss://ixbskdr5a5bnbhl3qtwi5nhslu.appsync-realtime-api.us-east-1.amazonaws.com wss://qjye63smz5ggbb33xs4rn6hoiq.appsync-realtime-api.us-east-1.amazonaws.com wss://tu43ymv7pc.execute-api.us-east-1.amazonaws.com wss://0jyqaecg5j.execute-api.us-east-1.amazonaws.com wss://a307bjgfbycsj5-ats.iot.us-east-1.amazonaws.com wss://xbezullc75gyffaqf3npo2pavi.appsync-realtime-api.us-east-1.amazonaws.com; report-uri https://semyschneiderweb.report-uri.com/r/t/csp/reportOnly; script-src 'self' blob: https: data: mediastream: 'unsafe-eval' 'unsafe-inline' 'nonce-rMdagidlmAS8Kxx5U1gTcA=='

upgrade-insecure-requests Source — (no sources)

Content-Security-Policy-Report-Only

default-src Keyword — 'self'

default-src Scheme — blob:

default-src Scheme — https:

default-src Scheme — data:

default-src Scheme — mediastream:

default-src Keyword — 'unsafe-eval'

default-src Keyword — 'unsafe-inline'

connect-src Host — cdn.builder.codes

connect-src Host Builder.io *.builder.io

connect-src Host — *.schneider-electric.com

connect-src Host — *.se.com

connect-src Host — glue.pes-stg.cloud.spryker.toys

connect-src Host

Salesforce Sites service.force.com

connect-src Host — *.apc.com

connect-src Host — nebula-cdn.kampyle.com

connect-src Host — ubt-eu.kampyle.com

connect-src Host — sbt-prod.kampyle.com

connect-src Host — udc-neb.kampyle.com

connect-src Host — *.ariba.com

connect-src Host

AWS *.amazonaws.com

connect-src Host

Twitter twitter.com

connect-src Host — zinfi.net

connect-src Host

Google API JS Client firebaselogging-pa.googleapis.com

connect-src Host

Google API JS Client firebaseremoteconfig.googleapis.com

connect-src Host

Google API JS Client firebaseinstallations.googleapis.com

connect-src Host — resources.digital-cloud.medallia.eu/

connect-src Host

Salesforce Sites partnerassessment.secure.force.com

connect-src Host

Salesforce Cloud se.my.salesforce.com

connect-src Host

Salesforce Sites se.my.salesforce-sites.com

connect-src Host

Salesforce Cloud *.salesforceliveagent.com

connect-src Host — *.squared.com/*

connect-src Host

OneTrust *.onetrust.com

connect-src Host

Salesforce Sites seadvantage.force.com:443/

connect-src Host

Salesforce Sites seadvantage.my.site.com:443/

connect-src Host

Salesforce Sites seadvantage.my.site.com/*

connect-src Host

Pendo *.pendo.io

connect-src Host — tag.commander1.com

connect-src Host

Google Analytics www.google-analytics.com

connect-src Host

Google Search *.google.com

connect-src Host

Salesforce Cloud salesforce.com

connect-src Host

Salesforce Cloud salesforceliveagent.com

connect-src Host — documentforce.com

connect-src Host — kampyle.com

connect-src Host

Salesforce Sites force.com

connect-src Host

OneTrust cookielaw.org

connect-src Host

unpkg unpkg.com

connect-src Host

jsDelivr cdn.jsdelivr.net

connect-src Host Demandbase *.demandbase.com

connect-src Host

Twitter twimg.com

connect-src Host

Twitter *.twimg.com

connect-src Host

YouTube *.youtube.com

connect-src Host — *.zinfi.net

connect-src Host — *.google.ru

connect-src Host — akstat.io

connect-src Host — *.go-mpulse.net/*

connect-src Host — microsoft.com

connect-src Host — *.clipsal.com/*

connect-src Host

OneTrust cdn.cookielaw.org

connect-src Host

BootstrapCDN maxcdn.bootstrapcdn.com

connect-src Host

Dynatrace *.dynatrace.com

connect-src Host — *.kampyle.com

connect-src Host

Google Analytics *.google-analytics.com

connect-src Host — *.amazoncognito.com

connect-src Host

Google DoubleClick *.doubleclick.net

connect-src Host

GitHub googlemaps.github.io

connect-src Host

GitHub *.googlemaps.github.io/*

connect-src Host

Google Maps maps.googleapis.com

connect-src Host

Google API JS Client *.googleapis.com

connect-src Host

Zscaler *.zscaler.net

connect-src Host

Salesforce Sites static.lightning.force.com

connect-src Host — www.apc.com

connect-src Host — api.company-target.com

connect-src Host

Dynatrace js-cdn.dynatrace.com

connect-src Host — c.go-mpulse.net

connect-src Host — *.akstat.io

connect-src Host — *.applanga.com

connect-src Keyword — 'self'

connect-src Host — *.akstat.io/

connect-src Host

Amazon CloudFront *.d2osz8slymlqdp.cloudfront.net

connect-src Host — *.google.com.sa

connect-src Host — *.google.by

connect-src Host — su.symexbelgium.com

connect-src Host

Amazon CloudFront d2osz8slymlqdp.cloudfront.net

connect-src Host

Amazon CloudFront d2cbq57joo8non.cloudfront.net

connect-src Host

Adobe Fonts (Typekit) use.typekit.net

connect-src Host

AWS wss://*.execute-api.us-east-1.amazonaws.com

connect-src Host

AWS wss://*.iot.us-east-1.amazonaws.com

connect-src Host

AWS API Gateway wss://4g5de7bcl4.execute-api.us-east-1.amazonaws.com

connect-src Host

AWS API Gateway wss://545sekhka2.execute-api.us-east-1.amazonaws.com

connect-src Host

AWS wss://a307bjgfbycsj5-ats.iot.us-east-1.amazonaws.com

connect-src Host

AWS wss://fjwji5pjgbbzzp2xmyispmyo6u.appsync-realtime-api.us-east-1.amazonaws.com

connect-src Host

AWS wss://ixbskdr5a5bnbhl3qtwi5nhslu.appsync-realtime-api.us-east-1.amazonaws.com

connect-src Host

AWS wss://qjye63smz5ggbb33xs4rn6hoiq.appsync-realtime-api.us-east-1.amazonaws.com

connect-src Host

AWS API Gateway wss://tu43ymv7pc.execute-api.us-east-1.amazonaws.com

connect-src Host

AWS API Gateway wss://0jyqaecg5j.execute-api.us-east-1.amazonaws.com

connect-src Host

AWS wss://a307bjgfbycsj5-ats.iot.us-east-1.amazonaws.com

connect-src Host

AWS wss://xbezullc75gyffaqf3npo2pavi.appsync-realtime-api.us-east-1.amazonaws.com

report-uri Host

Report URI https://semyschneiderweb.report-uri.com/r/t/csp/reportOnly

script-src Keyword — 'self'

script-src Scheme — blob:

script-src Scheme — https:

script-src Scheme — data:

script-src Scheme — mediastream:

script-src Keyword — 'unsafe-eval'

script-src Keyword — 'unsafe-inline'

script-src Keyword — 'nonce-rMdagidlmAS8Kxx5U1gTcA=='