Open
Cached
·
just now
3
directives
Content-Security-Policy
No enforced CSP headers found.
Content-Security-Policy-Report-Only
Content-Security-Policy-Report-Only: style-src * data: blob: 'unsafe-inline'; default-src 'self' https://*.paymentworks.com https://*.s3.amazonaws.com/ https://www.datadoghq-browser-agent.com https://browser-intake-datadoghq.com https://*.browser-intake-datadoghq.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://flagicons.lipis.dev https://*.api.smartystreets.com https://cdn.ravenjs.com https://px.ads.linkedin.com https://snap.licdn.com *.hsadspixel.net *.hs-analytics.net *.hubapi.com js.hscta.net no-cache.hubspot.com *.hubspot.com *.hs-sites.com *.hs-sites-eu1.com static.hsappstatic.net *.usemessages.com *.hs-banner.com *.hubspotusercontent00.net *.hubspotusercontent10.net *.hubspotusercontent20.net *.hubspotusercontent30.net *.hubspotusercontent40.net *.hubspot.net play.hubspotvideo.com cdn2.hubspot.net *.hscollectedforms.net *.hsleadflows.net *.hsforms.net *.hsforms.com *.hs-scripts.com *.hubspotfeedback.com feedback.hubapi.com *.userpilot.io wss://*.userpilot.io https://fonts.gstatic.com https://fonts.googleapis.com data: blob: 'unsafe-inline' 'unsafe-eval'; font-src * data: blob: 'unsafe-inline'
style-src
Host
—
*
style-src
Scheme
—
data:
style-src
Scheme
—
blob:
style-src
Keyword
—
'unsafe-inline'
default-src
Keyword
—
'self'
default-src
Scheme
—
data:
default-src
Scheme
—
blob:
default-src
Keyword
—
'unsafe-inline'
default-src
Keyword
—
'unsafe-eval'
font-src
Host
—
*
font-src
Scheme
—
data:
font-src
Scheme
—
blob:
font-src
Keyword
—
'unsafe-inline'