Open
Cached
·
just now
10
directives
Content-Security-Policy
Content-Security-Policy: script-src 'self' 'unsafe-eval' 'unsafe-inline' retrium-public.s3.amazonaws.com maxcdn.bootstrapcdn.com oss.maxcdn.com code.jquery.com *.google.com *.gstatic.com *.google-analytics.com *.googleadservices.com googleads.g.doubleclick.net *.googletagmanager.com tagmanager.google.com *.auth0.com ajax.googleapis.com connect.facebook.net js.stripe.com checkout.stripe.com js.hs-scripts.com js.hs-banner.com js.hs-analytics.net js.hsadspixel.net js.hsleadflows.net js.hscollectedforms.net js.usemessages.com js.hsforms.net js-na1.hs-scripts.com *.hubspotfeedback.com tag.marinsm.com pixel-geo.prfct.co static.ads-twitter.com analytics.twitter.com bat.bing.com snap.licdn.com rum-static.pingdom.net *.redditstatic.com auth.retrium.com accounts.google.com/gsi/client https://*.wistia.com https://*.wistia.net https://src.litix.io https://button.glitch.me embed.typeform.com https://static.hotjar.com https://script.hotjar.com/ https://static.retrium.com/29.3.0;style-src 'self' 'unsafe-inline' *.googleapis.com *.googletagmanager.com tagmanager.google.com fonts.google.com maxcdn.bootstrapcdn.com cdnjs.cloudflare.com accounts.google.com/gsi/style https://fast.wistia.com https://button.glitch.me https://static.retrium.com/29.3.0;img-src 'self' data: www.google.com api.atlassian.com *.google-analytics.com *.googleusercontent.com *.gstatic.com *.facebook.com *.auth0.com *.stripe.com track.hubspot.com cdn2.hubspot.net pixel-geo.prfct.co *.adnxs.com ads.yahoo.com us-u.openx.net *.doubleclick.net t.co bat.bing.com px.ads.linkedin.com p.adsymptotic.com alb.reddit.com https://*.wistia.com https://*.wistia.net https://embedwistia-a.akamaihd.net https://glitch.com https://cdn.glitch.com https://avatars0.githubusercontent.com avatars.slack-edge.com https://static.retrium.com/29.3.0;font-src 'self' data: *.bootstrapcdn.com *.gstatic.com cdn.auth0.com cdnjs.cloudflare.com fonts.googleapis.com fonts.gstatic.com https://*.wistia.com https://static.retrium.com/29.3.0;child-src 'self' www.google.com js.stripe.com checkout.stripe.com app.hubspot.com https://static.retrium.com/29.3.0;frame-ancestors https://static.retrium.com/29.3.0;frame-src *.google.com js.stripe.com app.hubspot.com accounts.google.com/gsi/ https://fast.wistia.com https://fast.wistia.net https://static.retrium.com/29.3.0;connect-src * api.ipify.org retrium.geminiops-client.com accounts.google.com/gsi/ https://*.litix.io https://*.wistia.com https://embedwistia-a.akamaihd.net https://api.glitch.com https://static.retrium.com/29.3.0;media-src 'self' blob: data: https://*.wistia.com https://*.wistia.net https://embedwistia-a.akamaihd.net static.retrium.com;default-src https://*.wistia.com https://*.wistia.net
script-src
Keyword
—
'self'
script-src
Keyword
—
'unsafe-eval'
script-src
Keyword
—
'unsafe-inline'
script-src
Host
—
style-src
Keyword
—
'self'
style-src
Keyword
—
'unsafe-inline'
img-src
Keyword
—
'self'
img-src
Scheme
—
data:
img-src
Host
—
img-src
Host
—
img-src
Host
—
font-src
Keyword
—
'self'
font-src
Scheme
—
data:
child-src
Keyword
—
'self'
connect-src
Host
—
*
connect-src
Host
—
connect-src
Host
—
connect-src
Host
—
media-src
Keyword
—
'self'
media-src
Scheme
—
blob:
media-src
Scheme
—
data:
Content-Security-Policy-Report-Only
No report-only CSP headers found.