Open
Cached
·
just now
12
directives
Content-Security-Policy
No enforced CSP headers found.
Content-Security-Policy-Report-Only
Content-Security-Policy-Report-Only: default-src 'self' *.csnonprod.com *.contentstack.com; img-src * 'self' data: blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.csnonprod.com *.contentstack.com *.contentstack.io *.google-analytics.com https://*.salesforce-sites.com https://*.force.com https://*.jquery.com https://*.salesforceliveagent.com https://*.salesforce.com https://*.cdn.apollographql.com https://code.jquery.com https://*.bootstrapcdn.com https://cdnjs.cloudflare.com https://cdn.heapanalytics.com https://fast.appcues.com https://fast.appcues.net https://googletagmanager.com https://js.intercomcdn.com https://service.force.com https://tagmanager.google.com https://www.googletagmanager.com https://widget.intercom.io https://widget.usersnap.com https://resources.usersnap.com https://service.force.com https://stats.pusher.com https://api.commandbar.com https://unpkg.com https://frames-commandbar-prod.commandbar.com https://cdn.commandbar.com; style-src 'self' 'report-sample' 'unsafe-inline' *.csnonprod.com *.contentstack.com *.salesforceliveagent.com https://*.salesforce-sites.com https://rawgithub.com https://*.bootstrapcdn.com https://cdnjs.cloudflare.com https://fonts.googleapis.com https://service.force.com https://liveagentcontentstack.secure.force.com https://fast.appcues.com https://frames-commandbar-prod.commandbar.com https://cdn.commandbar.com; font-src 'self' data: *.csnonprod.com *.contentstack.com *.contentstack.io https://fonts.googleapis.com https://fonts.gstatic.com; frame-src *; connect-src 'self' *.csnonprod.com *.contentstack.com *.salesforce-sites.com https://cdn-personalization.contentstack.com https://cdn.contentstack.io https://api.appcues.net wss://api.appcues.net https://liveagentcontentstack.secure.force.com https://api-iam.intercom.io wss://nexus-websocket-a.intercom.io wss://ws-mt1.pusher.com https://widget.usersnap.com https://api.commandbar.com https://t.commandbar.com https://s3.us-west-2.amazonaws.com https://*.browser-intake-datadoghq.eu; object-src 'none'; frame-ancestors 'self'; manifest-src *.cdn.apollographql.com; worker-src blob: *.csnonprod.com *.contentstack.com *.contentstack.io; report-uri https://csp-report.contentstack.com/reports
default-src
Keyword
—
'self'
img-src
Host
—
*
img-src
Keyword
—
'self'
img-src
Scheme
—
data:
img-src
Scheme
—
blob:
script-src
Keyword
—
'self'
script-src
Keyword
—
'unsafe-inline'
script-src
Keyword
—
'unsafe-eval'
script-src
Host
—
style-src
Keyword
—
'self'
style-src
Keyword
—
'report-sample'
style-src
Keyword
—
'unsafe-inline'
style-src
Host
—
font-src
Keyword
—
'self'
font-src
Scheme
—
data:
frame-src
Host
—
*
connect-src
Keyword
—
'self'
object-src
Keyword
—
'none'
frame-ancestors
Keyword
—
'self'
manifest-src
Host
—
worker-src
Scheme
—
blob: