https://app.juni.co

default-src 'self' 'unsafe-eval' 'unsafe-inline' *.ads-twitter.com *.doubleclick.net *.facebook.com *.facebook.net *.google-analytics.com *.google.com *.googleadservices.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.hotjar.com *.hotjar.io *.hs-analytics.net *.hs-banner.com *.hs-scripts.com *.hsadspixel.net *.hsappstatic.net *.hscollectedforms.net *.hubapi.com *.hubspot.com *.hubspotusercontent00.net *.juni.co *.segment.io *.twitter.com *.usemessages.com ads-twitter.com blob: cdn.segment.com/analytics-next/bundles/* cdn.segment.com/analytics.js/v1/f7V8Ng68avpQBJYgxGLjVeC2qqa280uR/analytics.min.js cdn.segment.com/next-integrations/integrations/* cdn.segment.com/v1/projects/f7V8Ng68avpQBJYgxGLjVeC2qqa280uR/settings data: doubleclick.net facebook.com facebook.net google-analytics.com google.com googleadservices.com googleapis.com googletagmanager.com gstatic.com hotjar.com hotjar.io hs-analytics.net hs-banner.com hs-scripts.com hsadspixel.net hsappstatic.net hscollectedforms.net https: hubapi.com hubspot.com hubspotusercontent00.net juni.builder.salesforce-experience.com juni.co juni.my.site.com segment.io twitter.com usemessages.com ws: wss:;
frame-ancestors *.hubspot.com;
upgrade-insecure-requests;
base-uri 'self';
report-uri https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pubd6297f5218fd5ae0acdad59ac50f7215&dd-evp-origin=content-security-policy&ddsource=csp-report;
High: 4, Medium: 30, Low: 3, Info: 0

Time: a day ago

Source: header

Disposition: enforce

Policies: 1

Total Findings: 37

Scan Results

Severity | Finding | Directive
HIGH | Usage of permissive scheme-source in sensitive directive | default-src
HIGH | Usage of permissive scheme-source in sensitive directive | default-src
HIGH | Usage of permissive scheme-source in sensitive directive | default-src
HIGH | Usage of permissive scheme-source in sensitive directive | default-src
MEDIUM | Wildcard in origin for sensitive directive | default-src
MEDIUM | Wildcard in origin for sensitive directive | default-src
MEDIUM | Wildcard in origin for sensitive directive | default-src
MEDIUM | Wildcard in origin for sensitive directive | default-src
MEDIUM | Wildcard in origin for sensitive directive | default-src
MEDIUM | Wildcard in origin for sensitive directive | default-src
MEDIUM | Wildcard in origin for sensitive directive | default-src
MEDIUM | Wildcard in origin for sensitive directive | default-src
MEDIUM | Wildcard in origin for sensitive directive | default-src
MEDIUM | Wildcard in origin for sensitive directive | default-src
MEDIUM | Wildcard in origin for sensitive directive | default-src
MEDIUM | Wildcard in origin for sensitive directive | default-src
MEDIUM | Wildcard in origin for sensitive directive | default-src
MEDIUM | Wildcard in origin for sensitive directive | default-src
MEDIUM | Missing object-src (with non-restrictive default-src) | object-src
MEDIUM | Wildcard in origin for sensitive directive | default-src
MEDIUM | Wildcard in origin for sensitive directive | default-src
MEDIUM | Missing script-src (with default-src) | script-src
MEDIUM | Wildcard in origin for sensitive directive | default-src
MEDIUM | Wildcard in origin for sensitive directive | default-src
MEDIUM | Wildcard in origin for sensitive directive | default-src
MEDIUM | Wildcard in origin for sensitive directive | default-src
MEDIUM | Wildcard in origin for sensitive directive | default-src
MEDIUM | Wildcard in origin for sensitive directive | default-src
MEDIUM | Wildcard in origin for sensitive directive | default-src
MEDIUM | Wildcard in origin for sensitive directive | default-src
MEDIUM | Wildcard in origin for sensitive directive | default-src
MEDIUM | Wildcard in origin for sensitive directive | default-src
MEDIUM | Wildcard in origin for sensitive directive | default-src
MEDIUM | Non-encrypted loading of external assets (http: / ws:) | default-src
LOW | Missing form-action | form-action
LOW | Missing 'report-sample' | script-src
LOW | Missing 'report-sample' | style-src