Open
Cached
·
just now
13
directives
Content-Security-Policy
No enforced CSP headers found.
Content-Security-Policy-Report-Only
Content-Security-Policy-Report-Only: connect-src 'self' blob: *.agendrix.com analytics.google.com region1.analytics.google.com region1.google-analytics.com www.google-analytics.com www.google.com www.google.ca www.google.fr stats.g.doubleclick.net www.googletagmanager.com *.hubapi.com *.hubspot.com *.hsforms.com content.hotjar.io metrics.hotjar.io vc.hotjar.io wss://ws.hotjar.com *.pathmonk.com a.omappapi.com api.omappapi.com z.omappapi.com bat.bing.com bat.bing.net www.facebook.com px.ads.linkedin.com pixel-config.reddit.com www.googleadservices.com pagead2.googlesyndication.com cdn-cookieyes.com log.cookieyes.com directory.cookieyes.com ams.wpml.org maps.googleapis.com g.tenor.com media.tenor.com my.yoast.com static.cloudflareinsights.com cloudflareinsights.com unpkg.com edge.fullstory.com rs.fullstory.com *.ingest.sentry.io nexus-websocket-a.intercom.io wss://nexus-websocket-a.intercom.io api-iam.intercom.io *.intercom-messenger.com agendrix.cloudflareaccess.com cdn.jsdelivr.net cdn-4.convertexperiments.com; default-src 'self' *.agendrix.com; font-src 'self' data: *.agendrix.com fonts.gstatic.com fonts.intercomcdn.com; form-action 'self' *.agendrix.com accounts.google.com appleid.apple.com *.hsforms.com; frame-ancestors 'self'; frame-src 'self' *.agendrix.com www.google.com www.googletagmanager.com calendly.com *.hotjar.com vars.hotjar.com *.hsforms.com www.facebook.com td.doubleclick.net www.youtube.com www.youtube-nocookie.com; img-src 'self' data: blob: https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.agendrix.com *.hs-analytics.net *.hs-scripts.com *.hs-banner.com *.hsadspixel.net *.hsforms.net www.googletagmanager.com static.cloudflareinsights.com cdn-4.convertexperiments.com *.pathmonk.com static.hotjar.com script.hotjar.com a.omappapi.com cdn-cookieyes.com www.google.com www.gstatic.com maps.googleapis.com googleads.g.doubleclick.net snap.licdn.com bat.bing.com www.redditstatic.com connect.facebook.net unpkg.com assets.calendly.com ams.wpml.org yoast.com edge.fullstory.com widget.intercom.io js.intercomcdn.com www.youtube.com; style-src 'self' 'unsafe-inline' *.agendrix.com fonts.googleapis.com a.omappapi.com *.pathmonk.com ams.wpml.org cdnjs.cloudflare.com; upgrade-insecure-requests; worker-src 'self' blob:; report-uri https://csp-reporting.cloudflare.com/cdn-cgi/script_monitor/report?m=RUUVCdckqZ88GaQL64lFj05FTty14c0VTGqGnAkKztc-1777782224.4435565-1.0.1.1-e5LUPRf48vQ8Yw1THuvXaTk9ketOD5nKnJndULEcPO2R7DEnURCldVJRCfr2Wdf1PrnD0oQKn3v0WBxY4mIjCEB1_YipPmH2z4.rSPOUHpUpSPjFvvJKJSvhc_Q6H.qnJWR4.h2e2r1_AZ_r0aCYbGXljztN0pgGMmJkH7B2vkUMHY3FXKATzwE05WnZJji2Bh140VNYFfZYbPqeeVb8dQ; report-to cf-qrtlgwoxlbajyyvo
connect-src
Keyword
—
'self'
connect-src
Scheme
—
blob:
default-src
Keyword
—
'self'
font-src
Keyword
—
'self'
font-src
Scheme
—
data:
form-action
Keyword
—
'self'
frame-ancestors
Keyword
—
'self'
frame-src
Keyword
—
'self'
img-src
Keyword
—
'self'
img-src
Scheme
—
data:
img-src
Scheme
—
blob:
img-src
Scheme
—
https:
script-src
Keyword
—
'self'
script-src
Keyword
—
'unsafe-inline'
script-src
Keyword
—
'unsafe-eval'
style-src
Keyword
—
'self'
style-src
Keyword
—
'unsafe-inline'
upgrade-insecure-requests
Source
—
(no sources)
worker-src
Keyword
—
'self'
worker-src
Scheme
—
blob:
report-to
Host
—