Open
Cached
·
just now
8
directives
Content-Security-Policy
Content-Security-Policy: upgrade-insecure-requests; block-all-mixed-content; default-src 'none'; img-src 'self'; style-src 'unsafe-inline' 'self'; form-action 'self'; frame-ancestors 'none'; require-trusted-types-for 'script';
upgrade-insecure-requests
Source
—
(no sources)
block-all-mixed-content
Source
—
(no sources)
default-src
Keyword
—
'none'
img-src
Keyword
—
'self'
style-src
Keyword
—
'unsafe-inline'
style-src
Keyword
—
'self'
form-action
Keyword
—
'self'
frame-ancestors
Keyword
—
'none'
require-trusted-types-for
Keyword
—
'script'
Content-Security-Policy-Report-Only
No report-only CSP headers found.