Open
Cached
·
just now
9
directives
Content-Security-Policy
Content-Security-Policy: upgrade-insecure-requests; base-uri 'self'; img-src 'self' https: blob: data:; style-src 'self' 'unsafe-inline' https:; font-src 'self' https:; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.idec.com idecusa.my.site.com service.force.com *.salesforce.com *.doubleclick.net *.google.com tpc.googlesyndication.com *.google-analytics.com *.googletagmanager.com *.googleadservices.com *.googleapis.com *.go-mpulse.net browser-update.org *.salesforceliveagent.com snap.licdn.com *.webtraxs.com api.ipify.org cdn.doofinder.com rw1.marchex.io h.online-metrix.net *.cybersource.com s.yimg.jp yubinbango.github.io *.feedbackify.com consent.cookiebot.com platform-api.sharethis.com code.jivosite.com www.gstatic.com consentcdn.cookiebot.com buttons-config.sharethis.com t.sharethis.com s3.amazonaws.com 684d0d41.akstat.io orbitvu.co *.orbitvu.co *.go-mpulse.net hm.baidu.com bat.bing.com js.hs-scripts.com js.hs-analytics.net js.hscollectedforms.net js.hs-banner.com js.hubspot.com js.hsadspixel.net *.contentsquare.net js.hsforms.net cdn.jsdelivr.net *.imagino.com *.newrelic.com; frame-ancestors 'self' *.contentful.com; worker-src 'self' blob:;
upgrade-insecure-requests
Source
—
(no sources)
base-uri
Keyword
—
'self'
img-src
Keyword
—
'self'
img-src
Scheme
—
https:
img-src
Scheme
—
blob:
img-src
Scheme
—
data:
style-src
Keyword
—
'self'
style-src
Keyword
—
'unsafe-inline'
style-src
Scheme
—
https:
font-src
Keyword
—
'self'
font-src
Scheme
—
https:
object-src
Keyword
—
'none'
script-src
Keyword
—
'self'
script-src
Keyword
—
'unsafe-inline'
script-src
Keyword
—
'unsafe-eval'
script-src
Host
—
script-src
Host
—
frame-ancestors
Keyword
—
'self'
worker-src
Keyword
—
'self'
worker-src
Scheme
—
blob:
Content-Security-Policy-Report-Only
No report-only CSP headers found.