Open
Cached
·
just now
11
directives
Content-Security-Policy
Content-Security-Policy: object-src 'none'; img-src * data: blob:; default-src 'self' data: blob: https: *.sentry.io *.stripe.com *.clym.io https://*.hcaptcha.com wss://*.relay.crisp.chat; base-uri 'self'; font-src 'self' https: data:; form-action 'self'; frame-ancestors 'self' https://*.clym.io https://*.clym-sdk.net https://*.clym-widget.net; script-src 'self' data: blob: 'unsafe-inline' 'unsafe-eval' *.stripe.com apis.google.com *.clym.io *.clym-sdk.net *.clym-widget.net *.hcaptcha.com *.crisp.chat vercel.live *.googletagmanager.com *.facebook.net googleads.g.doubleclick.net *.ahrefs.com *.g2.com *.redditstatic.com *.licdn.com; script-src-attr 'none'; style-src 'self' https: 'unsafe-inline'; upgrade-insecure-requests
object-src
Keyword
—
'none'
img-src
Host
—
*
img-src
Scheme
—
data:
img-src
Scheme
—
blob:
default-src
Keyword
—
'self'
default-src
Scheme
—
data:
default-src
Scheme
—
blob:
default-src
Scheme
—
https:
base-uri
Keyword
—
'self'
font-src
Keyword
—
'self'
font-src
Scheme
—
https:
font-src
Scheme
—
data:
form-action
Keyword
—
'self'
frame-ancestors
Keyword
—
'self'
script-src
Keyword
—
'self'
script-src
Scheme
—
data:
script-src
Scheme
—
blob:
script-src
Keyword
—
'unsafe-inline'
script-src
Keyword
—
'unsafe-eval'
script-src-attr
Keyword
—
'none'
style-src
Keyword
—
'self'
style-src
Scheme
—
https:
style-src
Keyword
—
'unsafe-inline'
upgrade-insecure-requests
Source
—
(no sources)
Content-Security-Policy-Report-Only
No report-only CSP headers found.