Open
Cached
·
just now
10
directives
Content-Security-Policy
No enforced CSP headers found.
Content-Security-Policy-Report-Only
Content-Security-Policy-Report-Only: default-src https:; script-src 'unsafe-inline' 'unsafe-eval' https:; object-src https:; style-src 'unsafe-inline' https:; img-src https: 'self' data:; media-src https:; frame-src https:; font-src https: data:; connect-src https: wss: https://api.company-target.com https://redhat.tt.omtrdc.net wss://*.hotjar.com; report-uri /report-csp-violation
default-src
Scheme
—
https:
script-src
Keyword
—
'unsafe-inline'
script-src
Keyword
—
'unsafe-eval'
script-src
Scheme
—
https:
object-src
Scheme
—
https:
style-src
Keyword
—
'unsafe-inline'
style-src
Scheme
—
https:
img-src
Scheme
—
https:
img-src
Keyword
—
'self'
img-src
Scheme
—
data:
media-src
Scheme
—
https:
frame-src
Scheme
—
https:
font-src
Scheme
—
https:
font-src
Scheme
—
data:
connect-src
Scheme
—
https:
connect-src
Scheme
—
wss:
report-uri
Host
—