Open
Cached
·
3h ago
16
directives
Content-Security-Policy
No enforced CSP headers found.
Content-Security-Policy-Report-Only
Content-Security-Policy-Report-Only: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://www.google-analytics.com https://js.stripe.com https://catalog.appdirect.com https://js.hs-scripts.com https://js.userpilot.io https://*.clerk.com https://*.clerk.dev https://*.clerk.accounts.dev https://clerk.devs.ai https://clerk.aravo.ai https://upload-widget.cloudinary.com https://apis.google.com https://accounts.google.com https://www.google.com; script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://www.google-analytics.com https://js.stripe.com https://catalog.appdirect.com https://js.hs-scripts.com https://js.userpilot.io https://*.clerk.com https://*.clerk.dev https://*.clerk.accounts.dev https://clerk.devs.ai https://clerk.aravo.ai https://upload-widget.cloudinary.com https://apis.google.com https://accounts.google.com https://www.google.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdnjs.cloudflare.com; img-src 'self' blob: data: https://res.cloudinary.com https://oaidalleapiprodscus.blob.core.windows.net https://img.clerk.com https://www.google-analytics.com https://www.googletagmanager.com https://*.clerk.com https://*.clerk.dev https://*.clerk.accounts.dev https://*.public.blob.vercel-storage.com https://www.google.com https://www.google.ca https://px.ads.linkedin.com; font-src 'self' data: https://fonts.gstatic.com; connect-src 'self' https://www.google.com https://www.google-analytics.com https://analytics.google.com https://www.googletagmanager.com https://px.ads.linkedin.com https://*.datadoghq.com https://*.browser-intake-datadoghq.com https://browser-intake-datadoghq.com https://browser-intake-us3-datadoghq.com https://browser-intake-us5-datadoghq.com https://browser-intake-ap1-datadoghq.com https://*.datadoghq.eu https://*.browser-intake-datadoghq.eu https://browser-intake-datadoghq.eu https://api.d-id.com https://api.elevenlabs.io https://*.tts.speech.microsoft.com https://*.userpilot.io wss://*.userpilot.io https://*.clerk.com https://*.clerk.dev https://*.clerk.accounts.dev wss://*.clerk.com wss://*.clerk.accounts.dev https://clerk-telemetry.com https://api.cloudinary.com https://vercel.com https://*.vercel-storage.com https://*.public.blob.vercel-storage.com https://*.vercel.run https://clerk.devs.ai https://clerk.aravo.ai; media-src 'self' blob: data: https://res.cloudinary.com; object-src 'none'; frame-src 'self' https://www.googletagmanager.com https://codesandbox.io https://*.codesandbox.io https://*.csb.app https://*.vercel.run https://clerk.com https://*.clerk.com https://*.clerk.dev https://*.clerk.accounts.dev https://js.stripe.com https://upload-widget.cloudinary.com; worker-src 'self' blob:; form-action 'self'; base-uri 'self'; upgrade-insecure-requests; report-uri https://devsai.report-uri.com/r/t/csp/wizard; frame-ancestors 'self';
default-src
Keyword
—
'self'
script-src
Keyword
—
'self'
script-src
Keyword
—
'unsafe-inline'
script-src
Keyword
—
'unsafe-eval'
script-src-elem
Keyword
—
'self'
script-src-elem
Keyword
—
'unsafe-inline'
script-src-elem
Keyword
—
'unsafe-eval'
style-src
Keyword
—
'self'
style-src
Keyword
—
'unsafe-inline'
img-src
Keyword
—
'self'
img-src
Scheme
—
blob:
img-src
Scheme
—
data:
font-src
Keyword
—
'self'
font-src
Scheme
—
data:
connect-src
Keyword
—
'self'
connect-src
Host
—
media-src
Keyword
—
'self'
media-src
Scheme
—
blob:
media-src
Scheme
—
data:
object-src
Keyword
—
'none'
frame-src
Keyword
—
'self'
worker-src
Keyword
—
'self'
worker-src
Scheme
—
blob:
form-action
Keyword
—
'self'
base-uri
Keyword
—
'self'
upgrade-insecure-requests
Source
—
(no sources)
frame-ancestors
Keyword
—
'self'