Open
Cached
·
5h ago
4
directives
Content-Security-Policy
Content-Security-Policy: script-src 'self' 'unsafe-eval' 'unsafe-inline' blob: data: *.aros.se *.hotjar.com *.hotjar.io *.matomo.cloud *.lfeeder.com *.licdn.com *.linkedin.com *.cloudflare.com *.googleapis.com *.google-analytics.com *.googletagmanager.com *.cookietractor.com; default-src 'self' data: ws: wss: blob: 'unsafe-inline' *.gstatic.com *.hotjar.io *.hotjar.com *.matomo.cloud *.oribi.io *.linkedin.com *.cookietractor.com *.umbraco.com *.googleapis.com *.typekit.net *.google.com *.doubleclick.net *.ytimg.com *.youtube.com *.ggpht.com *.google-analytics.com *.googletagmanager.com *.vimeocdn.com *.vimeo.com unpkg.com *.cloudflare.com cdn.cookietractor.com; font-src 'self' blob: data: *.typekit.net fonts.googleapis.com fonts.gstatic.com; img-src 'self' blob: data: *.googletagmanager.com *.lfeeder.com *.google.se *.linkedin.com *.vimeocdn.com *.umbraco.com;
script-src
Keyword
—
'self'
script-src
Keyword
—
'unsafe-eval'
script-src
Keyword
—
'unsafe-inline'
script-src
Scheme
—
blob:
script-src
Scheme
—
data:
script-src
Host
—
default-src
Keyword
—
'self'
default-src
Scheme
—
data:
default-src
Scheme
—
ws:
default-src
Scheme
—
wss:
default-src
Scheme
—
blob:
default-src
Keyword
—
'unsafe-inline'
default-src
Host
—
default-src
Host
—
font-src
Keyword
—
'self'
font-src
Scheme
—
blob:
font-src
Scheme
—
data:
img-src
Keyword
—
'self'
img-src
Scheme
—
blob:
img-src
Scheme
—
data:
Content-Security-Policy-Report-Only
No report-only CSP headers found.