Open
Cached
·
just now
9
directives
Content-Security-Policy
Content-Security-Policy: base-uri 'self';connect-src 'self' https: http://localhost:* wss: data: blob: https://edge.fullstory.com https://rs.fullstory.com https://edge.eu1.fullstory.com https://rs.eu1.fullstory.com;frame-src https://*.perk.com https://td.doubleclick.net/ https://www.google.com/ https://www.facebook.com/ https://gum.criteo.com/ https://gumi.criteo.com https://fledge.eu.criteo.com/ https://fledge.criteo.com/ https://static.criteo.net https://renderer.gist.build/ https://code.gist.build/ https://gateway.zscloud.net https://looker-reporting.travelperk.com/ https://hooks.stripe.com https://core.spreedly.com https://connect.useparagon.com https://cdn.merge.dev https://gateway.zscaler.net https://web.cmp.usercentrics.eu/;img-src 'self' data: https: blob: https://rs.fullstory.com https://rs.eu1.fullstory.com;object-src 'none';script-src https: 'unsafe-inline' 'unsafe-eval' 'strict-dynamic' 'report-sample' 'nonce-8P8yWcPXbPCOuset5m4l2g==' https://edge.fullstory.com https://rs.fullstory.com https://edge.eu1.fullstory.com https://rs.eu1.fullstory.com;worker-src blob:;report-uri https://browser-intake-datadoghq.eu/api/v2/logs?dd-api-key=pubce0746b88c765822b6b6b4113fe9a051&dd-evp-origin=content-security-policy&ddsource=csp-report&ddtags=env%3Aprod%2Cservice%3Atk-web;report-to browser-intake-datadoghq
base-uri
Keyword
—
'self'
connect-src
Keyword
—
'self'
connect-src
Scheme
—
https:
connect-src
Host
—
connect-src
Scheme
—
wss:
connect-src
Scheme
—
data:
connect-src
Scheme
—
blob:
img-src
Keyword
—
'self'
img-src
Scheme
—
data:
img-src
Scheme
—
https:
img-src
Scheme
—
blob:
object-src
Keyword
—
'none'
script-src
Scheme
—
https:
script-src
Keyword
—
'unsafe-inline'
script-src
Keyword
—
'unsafe-eval'
script-src
Keyword
—
'strict-dynamic'
script-src
Keyword
—
'report-sample'
script-src
Nonce
—
'nonce-8P8yWcPXbPCOuset5m4l2g=='
worker-src
Scheme
—
blob:
report-to
Host
—
Content-Security-Policy-Report-Only
No report-only CSP headers found.