Open
Cached
·
just now
11
directives
Content-Security-Policy
No enforced CSP headers found.
Content-Security-Policy-Report-Only
Content-Security-Policy-Report-Only: default-src 'self'; script-src 'self' https://*.enboarder.com/ https://js.intercomcdn.com/ https://*.fullstory.com/ 'nonce-aW5qZWN0LWludGVyY29t' 'nonce-Y2h1bmstc3BsaXQtbG9naWM='; connect-src 'self' https://*.enboarder.com/ https://*.fullstory.com/ https://*.intercom.io/ wss://*.intercom.io/; img-src 'self' https://*.enboarder.com/ blob: data: https://js.intercomcdn.com; media-src 'self' https://js.intercomcdn.com; frame-src https:; frame-ancestors none; style-src 'self' 'unsafe-inline' https://static.enboarder.com/ https://fonts.gstatic.com/ https://fonts.googleapis.com/; font-src 'self' https://static.enboarder.com/ https://fonts.gstatic.com/ https://fonts.intercomcdn.com/ https://fonts.googleapis.com/ data:; worker-src blob:; report-uri https://my.enboarder.com/api/10/security
default-src
Keyword
—
'self'
script-src
Keyword
—
'self'
script-src
Nonce
—
'nonce-aW5qZWN0LWludGVyY29t'
script-src
Nonce
—
'nonce-Y2h1bmstc3BsaXQtbG9naWM='
connect-src
Keyword
—
'self'
img-src
Keyword
—
'self'
img-src
Scheme
—
blob:
img-src
Scheme
—
data:
media-src
Keyword
—
'self'
frame-src
Scheme
—
https:
frame-ancestors
Host
—
style-src
Keyword
—
'self'
style-src
Keyword
—
'unsafe-inline'
font-src
Keyword
—
'self'
font-src
Scheme
—
data:
worker-src
Scheme
—
blob: