Open
Cached
·
just now
14
directives
Content-Security-Policy
Content-Security-Policy: default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://api.mapbox.com https://www.googletagmanager.com https://www.google-analytics.com https://www.clarity.ms https://*.clarity.ms https://unpkg.com https://*.gstatic.com https://apis.google.com https://*.firebaseapp.com https://*.googlesyndication.com https://adservice.google.com https://*.doubleclick.net https://*.googleadservices.com https://fundingchoicesmessages.google.com https://www.google.com https://*.adtrafficquality.google https://www.cruvai.com https://www.cruvai.com https://*.cruvai.com;script-src-attr 'unsafe-inline';style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://api.mapbox.com https://unpkg.com;font-src 'self' https://fonts.gstatic.com https://cdnjs.cloudflare.com data:;img-src 'self' data: blob: https://*.supabase.co https://images.pexels.com https://upload.wikimedia.org https://commons.wikimedia.org https://api.mapbox.com https://*.tiles.mapbox.com https://www.google-analytics.com https://www.googletagmanager.com https://tile.openstreetmap.org https://*.tile.openstreetmap.org https://a.tile.openstreetmap.org https://b.tile.openstreetmap.org https://c.tile.openstreetmap.org https://*.basemaps.cartocdn.com https://cartodb-basemaps-a.global.ssl.fastly.net https://cartodb-basemaps-b.global.ssl.fastly.net https://cartodb-basemaps-c.global.ssl.fastly.net https://picsum.photos https://*.picsum.photos https://fastly.picsum.photos https://www.cruvai.com https://www.cruvai.com https://*.clarity.ms https://*.bing.com https://c.bing.com https://unpkg.com https://branding.getyourguide.com https://source.unsplash.com https://images.unsplash.com https://i.pravatar.cc https://*.googlesyndication.com https://adservice.google.com https://*.doubleclick.net https://*.adtrafficquality.google https://*.gstatic.com https://www.transparenttextures.com;connect-src 'self' https://api.mapbox.com https://*.mapbox.com https://events.mapbox.com https://*.supabase.co https://www.google-analytics.com https://*.google-analytics.com https://www.googletagmanager.com https://api.perplexity.ai https://generativelanguage.googleapis.com https://api.pexels.com https://cdn.jsdelivr.net https://router.project-osrm.org https://api.sunrise-sunset.org https://api.open-meteo.com https://*.clarity.ms https://*.bing.com https://c.bing.com https://unpkg.com https://*.googleapis.com https://*.gstatic.com https://*.firebaseio.com https://*.firebaseapp.com https://*.googlesyndication.com https://*.doubleclick.net https://fundingchoicesmessages.google.com https://*.adtrafficquality.google https://www.google.com https://*.google.com https://www.cruvai.com https://www.cruvai.com https://*.cruvai.com;worker-src 'self' blob:;frame-src 'self' https://*.firebaseapp.com https://googleads.g.doubleclick.net https://tpc.googlesyndication.com https://www.google.com https://*.adtrafficquality.google;frame-ancestors 'self';form-action 'self';base-uri 'self';object-src 'none';upgrade-insecure-requests
default-src
Keyword
—
'self'
script-src
Keyword
—
'self'
script-src
Keyword
—
'unsafe-inline'
script-src
Keyword
—
'unsafe-eval'
script-src-attr
Keyword
—
'unsafe-inline'
style-src
Keyword
—
'self'
style-src
Keyword
—
'unsafe-inline'
font-src
Keyword
—
'self'
font-src
Scheme
—
data:
img-src
Keyword
—
'self'
img-src
Scheme
—
data:
img-src
Scheme
—
blob:
img-src
Host
—
connect-src
Keyword
—
'self'
worker-src
Keyword
—
'self'
worker-src
Scheme
—
blob:
frame-src
Keyword
—
'self'
frame-ancestors
Keyword
—
'self'
form-action
Keyword
—
'self'
base-uri
Keyword
—
'self'
object-src
Keyword
—
'none'
upgrade-insecure-requests
Source
—
(no sources)
Content-Security-Policy-Report-Only
No report-only CSP headers found.