Open
Cached
·
just now
14
directives
Content-Security-Policy
Content-Security-Policy: default-src 'none';script-src 'report-sample' 'self' app: resource: moz-extension: chrome: chrome-extension: safari-extension: safari-resource: safari-web-extension: ms-appx-web: opera: about: https: 'sha256-q7cJjDqNO2e1L5UltvJ1LhvnYN7yJXgGO7b6h9xkL1o=' 'sha256-rqqVH5LplGhKZKTEALP8HjjiXKsPApu8zW2JQRTZjJQ=' 'sha256-hblMForFJbi0ultQE9Q6q4x6n4TrASh0pYHYjV2v98o=' 'sha256-li3MmfulAwrRRC4E6AWVrLXMxW9358OnYKwV4Iq6ci8=' 'sha256-LFCG3QCmCedCg1JYelEj6C+b/vwdFtnkcuVc3RakDfw=' 'sha256-q+LZYTv8ACoUIlluZq+s82JGKxcOd5mScMBDtyq14Lw=' cdn.segment.com cdn.speedcurve.com/js/lux.js www.google-analytics.com/analytics.js *.sendcloud.com static.hotjar.com script.hotjar.com snippet.maze.co static.zdassets.com/web_widget/ fast.appcues.com app.satismeter.com/js js.partnerstack.com/v1/ js.intercomcdn.com widget.intercom.io/widget/ snap.licdn.com/li.lms-analytics/insight.min.js bat.bing.com/bat.js connect.facebook.net translate.google.com about assets.customer.io code.gist.build eu.customerioforms.com *.hs-scripts.com *.smooch.io *.zendesk.com consent.cookiebot.eu;style-src 'report-sample' 'self' app: resource: moz-extension: chrome: chrome-extension: safari-extension: safari-resource: safari-web-extension: ms-appx-web: opera: about: 'unsafe-inline' https: fast.appcues.com fonts.googleapis.com *.sendcloud.com translate.googleapis.com snippet.maze.co code.gist.build *.smooch.io *.zendesk.com;connect-src 'self' https: wss: http://127.0.0.1:1903 api.segment.io *.app.sendcloud.com graph.instagram.com o421644.ingest.sentry.io snippet.maze.co api.maze.co prompts.maze.co www.google-analytics.com lux.speedcurve.com *.statuspage.io ekr.zdassets.com widget-mediator.zopim.com app.satismeter.com api.appcues.net grsm.io stats.g.doubleclick.net *.intercom.io bat.bing.com about track-eu.customer.io eu.customerioforms.com *.api.gist.build *.cloud.gist.build *.smooch.io *.zendesk.com *.typeform.com consent.cookiebot.eu consentcdn.cookiebot.com ;img-src * data: blob: app: resource: moz-extension: chrome: chrome-extension: safari-extension: safari-resource: safari-web-extension: ms-appx-web: opera: about: track-eu.customer.io *.smooch.io *.zendesk.com *.gravatar.com imgsct.cookiebot.com;frame-src 'self' https: vars.hotjar.com www.facebook.com renderer.gist.build code.gist.build *.typeform.com *.pandadoc.eu consentcdn.cookiebot.com;font-src 'self' app: resource: moz-extension: chrome: chrome-extension: safari-extension: safari-resource: safari-web-extension: ms-appx-web: opera: about: https: fonts.gstatic.com fonts.googleapis.com snippet.maze.co;media-src 'self' static.zdassets.com cdn.smooch.io *.amazonaws.com *.sendcloud.com;child-src 'self' blob: *.sendcloud.com;worker-src 'self' blob:;manifest-src 'self';base-uri 'self';report-to https://o421644.ingest.sentry.io/api/6520274/security/?sentry_key=d83967d3af0646dc83932d6790268dc2&sentry_environment=3.8.0;report-uri https://o421644.ingest.sentry.io/api/6520274/security/?sentry_key=d83967d3af0646dc83932d6790268dc2&sentry_environment=3.8.0
default-src
Keyword
—
'none'
script-src
Keyword
—
'report-sample'
script-src
Keyword
—
'self'
script-src
Scheme
—
app:
script-src
Scheme
—
resource:
script-src
Scheme
—
moz-extension:
script-src
Scheme
—
chrome:
script-src
Scheme
—
chrome-extension:
script-src
Scheme
—
safari-extension:
script-src
Scheme
—
safari-resource:
script-src
Scheme
—
safari-web-extension:
script-src
Scheme
—
ms-appx-web:
script-src
Scheme
—
opera:
script-src
Scheme
—
about:
script-src
Scheme
—
https:
script-src
Hash
—
'sha256-q7cJjDqNO2e1L5UltvJ1LhvnYN7yJXgGO7b6h9xkL1o='
script-src
Hash
—
'sha256-rqqVH5LplGhKZKTEALP8HjjiXKsPApu8zW2JQRTZjJQ='
script-src
Hash
—
'sha256-hblMForFJbi0ultQE9Q6q4x6n4TrASh0pYHYjV2v98o='
script-src
Hash
—
'sha256-li3MmfulAwrRRC4E6AWVrLXMxW9358OnYKwV4Iq6ci8='
script-src
Hash
—
'sha256-LFCG3QCmCedCg1JYelEj6C+b/vwdFtnkcuVc3RakDfw='
script-src
Hash
—
'sha256-q+LZYTv8ACoUIlluZq+s82JGKxcOd5mScMBDtyq14Lw='
script-src
Host
—
style-src
Keyword
—
'report-sample'
style-src
Keyword
—
'self'
style-src
Scheme
—
app:
style-src
Scheme
—
resource:
style-src
Scheme
—
moz-extension:
style-src
Scheme
—
chrome:
style-src
Scheme
—
chrome-extension:
style-src
Scheme
—
safari-extension:
style-src
Scheme
—
safari-resource:
style-src
Scheme
—
safari-web-extension:
style-src
Scheme
—
ms-appx-web:
style-src
Scheme
—
opera:
style-src
Scheme
—
about:
style-src
Keyword
—
'unsafe-inline'
style-src
Scheme
—
https:
connect-src
Keyword
—
'self'
connect-src
Scheme
—
https:
connect-src
Scheme
—
wss:
connect-src
Host
—
connect-src
Host
—
img-src
Host
—
*
img-src
Scheme
—
data:
img-src
Scheme
—
blob:
img-src
Scheme
—
app:
img-src
Scheme
—
resource:
img-src
Scheme
—
moz-extension:
img-src
Scheme
—
chrome:
img-src
Scheme
—
chrome-extension:
img-src
Scheme
—
safari-extension:
img-src
Scheme
—
safari-resource:
img-src
Scheme
—
safari-web-extension:
img-src
Scheme
—
ms-appx-web:
img-src
Scheme
—
opera:
img-src
Scheme
—
about:
frame-src
Keyword
—
'self'
frame-src
Scheme
—
https:
font-src
Keyword
—
'self'
font-src
Scheme
—
app:
font-src
Scheme
—
resource:
font-src
Scheme
—
moz-extension:
font-src
Scheme
—
chrome:
font-src
Scheme
—
chrome-extension:
font-src
Scheme
—
safari-extension:
font-src
Scheme
—
safari-resource:
font-src
Scheme
—
safari-web-extension:
font-src
Scheme
—
ms-appx-web:
font-src
Scheme
—
opera:
font-src
Scheme
—
about:
font-src
Scheme
—
https:
media-src
Keyword
—
'self'
child-src
Keyword
—
'self'
child-src
Scheme
—
blob:
worker-src
Keyword
—
'self'
worker-src
Scheme
—
blob:
manifest-src
Keyword
—
'self'
base-uri
Keyword
—
'self'
Content-Security-Policy-Report-Only
No report-only CSP headers found.