Open
Cached
·
just now
15
directives
Content-Security-Policy
Content-Security-Policy: child-src blob:; connect-src 'self' wss://*.app.chime.aws https://*.nr-data.net https://cirrusmdcustomersupport.zendesk.com https://*.zdassets.com https://*.zendesk.com https://*.zopim.com wss://*.zopim.com https://api.rollbar.com https://cirrusmd-cmd-production1-data-public-us-east-1.s3.amazonaws.com https://cirrusmd-cmd-production1-data-private-us-east-1.s3.amazonaws.com https://cmd-production1-jabberwocky.cirrusmd.com/api/v1/icdsearch https://cmd-production1-jabberwocky.cirrusmd.com wss://cmd-production1-ws.cirrusmd.com https://sdk.iad-02.braze.com; default-src 'self' https://static.zdassets.com https://*.zopim.com; font-src 'self' data: https://fonts.gstatic.com; frame-ancestors 'none'; img-src 'self' data: blob: https://cirrusmd-cmd-production1-data-public-us-east-1.s3.amazonaws.com https://cirrusmd-cmd-production1-data-private-us-east-1.s3.amazonaws.com https://*.zopim.io https://*.googleusercontent.com https://translate.google.com https://*.gstatic.com https://*.nr-data.net https://braze-images.com; object-src 'none'; report-uri /csp_violation_reports; script-src 'self' blob: 'unsafe-inline' 'unsafe-eval' https://cdn.rollbar.com https://static.zdassets.com https://*.zopim.com https://js-agent.newrelic.com https://*.nr-data.net https://assets-production.cirrusmd.com 'nonce-'; script-src-attr 'self' blob: 'unsafe-inline' 'unsafe-eval' https://cdn.rollbar.com https://static.zdassets.com https://*.zopim.com https://js-agent.newrelic.com https://*.nr-data.net https://assets-production.cirrusmd.com; script-src-elem 'self' blob: 'unsafe-inline' 'unsafe-eval' https://cdn.rollbar.com https://static.zdassets.com https://*.zopim.com https://js-agent.newrelic.com https://*.nr-data.net https://assets-production.cirrusmd.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com 'nonce-'; style-src-elem 'self' 'unsafe-inline' https://fonts.googleapis.com; style-src-attr 'self' 'unsafe-inline' https://fonts.googleapis.com; worker-src 'self'
child-src
Scheme
—
blob:
connect-src
Keyword
—
'self'
connect-src
Host
—
connect-src
Host
—
default-src
Keyword
—
'self'
font-src
Keyword
—
'self'
font-src
Scheme
—
data:
frame-ancestors
Keyword
—
'none'
img-src
Keyword
—
'self'
img-src
Scheme
—
data:
img-src
Scheme
—
blob:
img-src
Host
—
object-src
Keyword
—
'none'
report-uri
Host
—
script-src
Keyword
—
'self'
script-src
Scheme
—
blob:
script-src
Keyword
—
'unsafe-inline'
script-src
Keyword
—
'unsafe-eval'
script-src
Host
—
script-src
Nonce
—
'nonce-'
script-src-attr
Keyword
—
'self'
script-src-attr
Scheme
—
blob:
script-src-attr
Keyword
—
'unsafe-inline'
script-src-attr
Keyword
—
'unsafe-eval'
script-src-attr
Host
—
script-src-elem
Keyword
—
'self'
script-src-elem
Scheme
—
blob:
script-src-elem
Keyword
—
'unsafe-inline'
script-src-elem
Keyword
—
'unsafe-eval'
script-src-elem
Host
—
style-src
Keyword
—
'self'
style-src
Keyword
—
'unsafe-inline'
style-src
Nonce
—
'nonce-'
style-src-elem
Keyword
—
'self'
style-src-elem
Keyword
—
'unsafe-inline'
style-src-attr
Keyword
—
'self'
style-src-attr
Keyword
—
'unsafe-inline'
worker-src
Keyword
—
'self'
Content-Security-Policy-Report-Only
No report-only CSP headers found.