Open
Cached
·
5h ago
5
directives
Content-Security-Policy
Content-Security-Policy: upgrade-insecure-requests Content-Security-Policy-Report-Only: default-src 'self' blob: https: data: mediastream: 'unsafe-eval' 'unsafe-inline'; connect-src cdn.builder.codes *.builder.io *.schneider-electric.com *.se.com glue.pes-stg.cloud.spryker.toys service.force.com *.apc.com nebula-cdn.kampyle.com ubt-eu.kampyle.com sbt-prod.kampyle.com udc-neb.kampyle.com *.ariba.com *.amazonaws.com twitter.com zinfi.net firebaselogging-pa.googleapis.com firebaseremoteconfig.googleapis.com firebaseinstallations.googleapis.com resources.digital-cloud.medallia.eu/ partnerassessment.secure.force.com se.my.salesforce.com se.my.salesforce-sites.com *.salesforceliveagent.com *.squared.com/* *.onetrust.com seadvantage.force.com:443/ seadvantage.my.site.com:443/ seadvantage.my.site.com/* *.pendo.io tag.commander1.com www.google-analytics.com *.google.com salesforce.com salesforceliveagent.com documentforce.com kampyle.com force.com cookielaw.org unpkg.com cdn.jsdelivr.net *.demandbase.com twimg.com *.twimg.com *.youtube.com *.zinfi.net *.google.ru akstat.io *.go-mpulse.net/* microsoft.com *.clipsal.com/* cdn.cookielaw.org maxcdn.bootstrapcdn.com *.dynatrace.com *.kampyle.com *.google-analytics.com *.amazoncognito.com *.doubleclick.net googlemaps.github.io *.googlemaps.github.io/* maps.googleapis.com *.googleapis.com *.zscaler.net static.lightning.force.com www.apc.com api.company-target.com js-cdn.dynatrace.com c.go-mpulse.net *.akstat.io *.applanga.com 'self' *.akstat.io/ *.d2osz8slymlqdp.cloudfront.net *.google.com.sa *.google.by su.symexbelgium.com d2osz8slymlqdp.cloudfront.net d2cbq57joo8non.cloudfront.net use.typekit.net wss://*.execute-api.us-east-1.amazonaws.com wss://*.iot.us-east-1.amazonaws.com wss://4g5de7bcl4.execute-api.us-east-1.amazonaws.com wss://545sekhka2.execute-api.us-east-1.amazonaws.com wss://a307bjgfbycsj5-ats.iot.us-east-1.amazonaws.com wss://fjwji5pjgbbzzp2xmyispmyo6u.appsync-realtime-api.us-east-1.amazonaws.com wss://ixbskdr5a5bnbhl3qtwi5nhslu.appsync-realtime-api.us-east-1.amazonaws.com wss://qjye63smz5ggbb33xs4rn6hoiq.appsync-realtime-api.us-east-1.amazonaws.com wss://tu43ymv7pc.execute-api.us-east-1.amazonaws.com wss://0jyqaecg5j.execute-api.us-east-1.amazonaws.com wss://a307bjgfbycsj5-ats.iot.us-east-1.amazonaws.com wss://xbezullc75gyffaqf3npo2pavi.appsync-realtime-api.us-east-1.amazonaws.com; report-uri https://semyschneiderweb.report-uri.com/r/t/csp/reportOnly; script-src 'self' blob: https: data: mediastream: 'unsafe-eval' 'unsafe-inline' 'nonce-KwaQldLSPp87udryhjY8yg=='
upgrade-insecure-requests
Source
—
(no sources)
Content-Security-Policy-Report-Only
default-src
Keyword
—
'self'
default-src
Scheme
—
blob:
default-src
Scheme
—
https:
default-src
Scheme
—
data:
default-src
Scheme
—
mediastream:
default-src
Keyword
—
'unsafe-eval'
default-src
Keyword
—
'unsafe-inline'
connect-src
Host
—
connect-src
Host
—
connect-src
Host
—
connect-src
Host
—
connect-src
Host
—
connect-src
Host
—
connect-src
Keyword
—
'self'
connect-src
Host
—
script-src
Keyword
—
'self'
script-src
Scheme
—
blob:
script-src
Scheme
—
https:
script-src
Scheme
—
data:
script-src
Scheme
—
mediastream:
script-src
Keyword
—
'unsafe-eval'
script-src
Keyword
—
'unsafe-inline'
script-src
Nonce
—
'nonce-KwaQldLSPp87udryhjY8yg=='