Update to csp.json

hlxsites · Nov 15, 2024 · ab03a32 · ab03a32
1 parent d3195c2
commit ab03a32
Showing 1 changed file with 81 additions and 89 deletions.
diff --git a/scripts/csp.json b/scripts/csp.json
@@ -1,79 +1,80 @@
 {
-  "default-src": [
-      "'self'"
-  ],
+  "default-src": ["'self'"],
   "script-src": [
-      "'self'",
-      "'unsafe-inline'",
-      "'unsafe-eval'",
-      "*.mktoweb.com",
-      "*.googletagmanager.com",
-      "js.zi-scripts.com",
-      "*.zoominfo.com",
-      "*.merative.com",
-      "*.salesloft.com",
-      "*.googleadservices.com",
-      "*.kryogenix.org",
-      "*.adsrvr.org",
-      "www.youtube.com",
-      "cm.everesttech.net",
-      "documentservices.adobe.com",
-      "googleads.g.doubleclick.net",
-      "assets.adobedtm.com",
-      "merative.tt.omtrdc.net",
-      "cdn.jsdelivr.net",
-      "dpm.demdex.net",
-      "munchkin.marketo.net",
-      "rtp-static.marketo.com",
-      "sjrtp7.marketo.com",
-      "cdn.cookielaw.org",
-      "resources.digital-cloud-west.medallia.com",
-      "*.kampyle.com",
-      "js.driftt.com",
-      "https://rum.hlx.page/",
-      "https://*.hotjar.com",
-      "*.tt.omtrdc.net",
-      "*.spotify.com",
-      "embed.podcasts.apple.com",
-      "bat.bing.com",
-      "https://www.clarity.ms",
-      "*.licdn.com",
-      "*.googlesyndication.com",
-      "*.6sc.co",
-      "*.6sense.com"
+    "'self'",
+    "'unsafe-inline'",
+    "'unsafe-eval'",
+    "*.mktoweb.com",
+    "*.googletagmanager.com",
+    "js.zi-scripts.com",
+    "*.zoominfo.com",
+    "*.merative.com",
+    "*.salesloft.com",
+    "*.googleadservices.com",
+    "*.kryogenix.org",
+    "*.adsrvr.org",
+    "www.youtube.com",
+    "cm.everesttech.net",
+    "documentservices.adobe.com",
+    "googleads.g.doubleclick.net",
+    "assets.adobedtm.com",
+    "merative.tt.omtrdc.net",
+    "cdn.jsdelivr.net",
+    "dpm.demdex.net",
+    "munchkin.marketo.net",
+    "rtp-static.marketo.com",
+    "sjrtp7.marketo.com",
+    "cdn.cookielaw.org",
+    "resources.digital-cloud-west.medallia.com",
+    "*.kampyle.com",
+    "js.driftt.com",
+    "https://rum.hlx.page/",
+    "https://*.hotjar.com",
+    "*.tt.omtrdc.net",
+    "*.spotify.com",
+    "embed.podcasts.apple.com",
+    "bat.bing.com",
+    "https://www.clarity.ms",
+    "*.licdn.com",
+    "*.googlesyndication.com",
+    "*.hsadspixel.net"
+    "*.hs-analytics.net"
+    "js.hscta.net"
+    "static.hsappstatic.net"
+    "*.hs-scripts.com"
+
   ],
   "connect-src": [
-      "'self'",
-      "https://*.hlx.page",
-      "https://rum.hlx.page/",
-      "*.mktoweb.com",
-      "*.mktoresp.com",
-      "*.marketo.com",
-      "*.salesloft.com",
-      "js.zi-scripts.com",
-      "*.zoominfo.com",
-      "*.adsrvr.org",
-      "*.112.2o7.net",
-      "assets.adobedtm.com",
-      "viewlicense.adobe.io",
-      "*.onetrust.com",
-      "merative.tt.omtrdc.net",
-      "analytics.google.com",
-      "stats.g.doubleclick.net",
-      "dpm.demdex.net",
-      "cdn.cookielaw.org",
-      "*.medallia.com",
-      "*.kampyle.com",
-      "https://*.hotjar.com",
-      "https://*.hotjar.io",
-      "wss://*.hotjar.com",
-      "*.clarity.ms",
-      "cdn.linkedin.oribi.io",
-      "*.googlesyndication.com",
-      "https://google.com",
-      "px.ads.linkedin.com",
-      "*.6sc.co",
-      "*.6sense.com"
+    "'self'",
+    "https://*.hlx.page",
+    "https://rum.hlx.page/",
+    "*.mktoweb.com",
+    "*.mktoresp.com",
+    "*.marketo.com",
+    "*.salesloft.com",
+    "js.zi-scripts.com",
+    "*.zoominfo.com",
+    "*.adsrvr.org",
+    "*.112.2o7.net",
+    "assets.adobedtm.com",
+    "viewlicense.adobe.io",
+    "*.onetrust.com",
+    "merative.tt.omtrdc.net",
+    "analytics.google.com",
+    "stats.g.doubleclick.net",
+    "dpm.demdex.net",
+    "cdn.cookielaw.org",
+    "*.medallia.com",
+    "*.kampyle.com",
+    "https://*.hotjar.com",
+    "https://*.hotjar.io",
+    "wss://*.hotjar.com",
+    "*.clarity.ms",
+    "cdn.linkedin.oribi.io",
+    "*.googlesyndication.com",
+    "https://google.com",
+    "px.ads.linkedin.com",
+    "js.hscta.net"
   ],
   "img-src": [
     "'self'",
@@ -98,9 +99,8 @@
     "px.ads.linkedin.com",
     "px4.ads.linkedin.com",
     "googleads.g.doubleclick.net",
-    "*.6sc.co",
-    "*.6sense.com"
-
+    "js.hscta.net"
+    "no-cache.hubspot.com"
   ],
   "frame-src": [
     "'self'",
@@ -116,6 +116,7 @@
     "*.kampyle.com",
     "js.driftt.com",
     "*.doubleclick.net"
+    "*.hs-sites.com"
   ],
   "style-src": [
     "'self'",
@@ -138,17 +139,8 @@
     "*.medallia.com",
     "*.kampyle.com"
   ],
-  "object-src": [
-    "'none'"
-  ],
-  "manifest-src": [
-    "'self'"
-  ],
-  "worker-src": [
-    "'none'"
-  ],
-  "media-src": [
-    "'self'",
-    "data: blob: *;"
-  ]
-}
+  "object-src": ["'none'"],
+  "manifest-src": ["'self'"],
+  "worker-src": ["'none'"],
+  "media-src": ["'self'", "data: blob: *;"]
+}