Open
Cached
·
just now
8
directives
Content-Security-Policy
Content-Security-Policy: font-src 'self' *.getpostman.com documenter.postman.com fonts.gstatic.com fonts.googleapis.com *.pstmn.io; frame-ancestors 'none'; object-src 'none'; base-uri 'self'; img-src * data:; script-src 'self' 'strict-dynamic' *.getpostman.com documenter.postman.com documenter-assets.pstmn.io content.pstmn.io run.pstmn.io https://cdn.ravenjs.com 'nonce-jFoFbAl6bEjaKNTuYg+j5F8scIb4kLt5hM/b5wK1WY64K8xH'; style-src 'self' 'unsafe-inline' *.getpostman.com documenter.postman.com *.pstmn.io fonts.gstatic.com fonts.googleapis.com; frame-src https://youtube.com https://www.youtube.com https://player.vimeo.com
font-src
Keyword
—
'self'
font-src
Host
—
frame-ancestors
Keyword
—
'none'
object-src
Keyword
—
'none'
base-uri
Keyword
—
'self'
img-src
Host
—
*
img-src
Scheme
—
data:
script-src
Keyword
—
'self'
script-src
Keyword
—
'strict-dynamic'
script-src
Nonce
—
'nonce-jFoFbAl6bEjaKNTuYg+j5F8scIb4kLt5hM/b5wK1WY64K8xH'
style-src
Keyword
—
'self'
style-src
Keyword
—
'unsafe-inline'
style-src
Host
—
Content-Security-Policy-Report-Only
No report-only CSP headers found.