Open
Cached
·
just now
6
directives
Content-Security-Policy
Content-Security-Policy: default-src * 'self' data: blob: 'unsafe-inline'; script-src 'self' blob: 'wasm-unsafe-eval' https://server.fillout.com https://server.zite.com https://server.filloutstaging.com https://server.zitestaging.com https://api.fillout.com https://api.zite.com https://api.filloutstaging.com https://api.zitestaging.com https://embed.fillout.com https://forms.fillout.com https://form.fillout.com https://embed.zite.com https://forms.zite.com https://form.zite.com https://browser.sentry-cdn.com https://widget.intercom.io https://js.intercomcdn.com https://accounts.google.com https://maps.googleapis.com https://apis.google.com https://www.gstatic.com https://www.google.com https://www.googletagmanager.com https://js.stripe.com https://m.stripe.network https://cdn.zapier.com https://connect.facebook.net https://cdnjs.cloudflare.com https://cdn.jsdelivr.net https://app.cal.com https://www.youtube.com https://player.vimeo.com https://fast.wistia.com; frame-ancestors 'none'; form-action 'self' https://server.fillout.com https://server.zite.com https://server.filloutstaging.com https://server.zitestaging.com https://api.fillout.com https://api.zite.com https://api.filloutstaging.com https://api.zitestaging.com; report-uri https://o1219530.ingest.us.sentry.io/api/6361954/security/?sentry_key=2fe730dadb054540aff7174cd550eaea; report-to csp-endpoint
default-src
Host
—
*
default-src
Keyword
—
'self'
default-src
Scheme
—
data:
default-src
Scheme
—
blob:
default-src
Keyword
—
'unsafe-inline'
script-src
Keyword
—
'self'
script-src
Scheme
—
blob:
script-src
Keyword
—
'wasm-unsafe-eval'
script-src
Host
—
frame-ancestors
Keyword
—
'none'
form-action
Keyword
—
'self'
report-to
Host
—
Content-Security-Policy-Report-Only
No report-only CSP headers found.