Open
Cached
·
just now
7
directives
Content-Security-Policy
Content-Security-Policy: default-src data: blob: 'self' *.preset.io *.auth0.com *.hubspot.com *.chameleon.io *.appcues.com *.segment.com *.segment.io js.hs-scripts.com *.usepylon.com *.posthog.com *.pusher.com wss://*.pusher.com openfpcdn.io js.usemessages.com js.hs-analytics.net js.hs-banner.com js.hsadspixel.net googleads.g.doubleclick.net api.hubapi.com *.recurly.com *.logs.datadoghq.com www.datadoghq-browser-agent.com *.googleapis.com *.gstatic.com *.googletagmanager.com *.google-analytics.com *.googleadservices.com *.hotjar.com hotjar.com *.hotjar.io hotjar.io wss://*.hotjar.com static.reo.dev api.reo.dev https://api.cord.com wss://api.cord.com https://app.cord.com https://o951476.ingest.sentry.io https://cdn.cord.com https://s3.us-west-2.amazonaws.com/preset-cord-bucket-production-4t4ql/ https://s3.us-west-2.amazonaws.com/preset-cord-bucket-sandbox-jm45j/ https://s3.us-west-2.amazonaws.com/preset-cord-bucket-staging-yatag/ 'unsafe-inline' 'unsafe-eval'; frame-src *; frame-ancestors *.preset.io *.preset.zone; form-action 'self'; worker-src blob:; img-src 'self' blob: data: https:; object-src 'none'
default-src
Scheme
—
data:
default-src
Scheme
—
blob:
default-src
Keyword
—
'self'
default-src
Host
—
default-src
Host
—
default-src
Host
—
default-src
Host
—
default-src
Keyword
—
'unsafe-inline'
default-src
Keyword
—
'unsafe-eval'
frame-src
Host
—
*
frame-ancestors
Host
—
form-action
Keyword
—
'self'
worker-src
Scheme
—
blob:
img-src
Keyword
—
'self'
img-src
Scheme
—
blob:
img-src
Scheme
—
data:
img-src
Scheme
—
https:
object-src
Keyword
—
'none'
Content-Security-Policy-Report-Only
No report-only CSP headers found.