Open
Cached
·
just now
6
directives
Content-Security-Policy
Content-Security-Policy: default-src 'unsafe-inline' 'unsafe-eval' data: blob: filesystem: about: ws: *; frame-src 'self' https://*.smartdraw.com https://*.youtube.com https://*.youtube-nocookie.com/ https://*.paypal.com/ https://*.zendesk.com/ https://*.microsoft.com https://*.google.com https://*.googletagmanager.com/ https://*.bing.com https://*.recaptcha.net/ https://*.g2.com/ https://*.fetchback.com/ data: blob:; frame-ancestors 'self' https://*.smartdraw.com; base-uri 'unsafe-inline' about: data: *; form-action 'unsafe-inline' data: *; worker-src 'unsafe-inline' data: blob: *;
default-src
Keyword
—
'unsafe-inline'
default-src
Keyword
—
'unsafe-eval'
default-src
Scheme
—
data:
default-src
Scheme
—
blob:
default-src
Scheme
—
filesystem:
default-src
Scheme
—
about:
default-src
Scheme
—
ws:
default-src
Host
—
*
frame-src
Keyword
—
'self'
frame-src
Host
—
frame-src
Scheme
—
data:
frame-src
Scheme
—
blob:
frame-ancestors
Keyword
—
'self'
base-uri
Keyword
—
'unsafe-inline'
base-uri
Scheme
—
about:
base-uri
Scheme
—
data:
base-uri
Host
—
*
form-action
Keyword
—
'unsafe-inline'
form-action
Scheme
—
data:
form-action
Host
—
*
worker-src
Keyword
—
'unsafe-inline'
worker-src
Scheme
—
data:
worker-src
Scheme
—
blob:
worker-src
Host
—
*
Content-Security-Policy-Report-Only
No report-only CSP headers found.