Open
Cached
·
just now
9
directives
Content-Security-Policy
No enforced CSP headers found.
Content-Security-Policy-Report-Only
Content-Security-Policy-Report-Only: default-src 'self' ; base-uri 'self' ; object-src 'none' ; script-src 'self' 'unsafe-eval' 'nonce-vc1NTmezKubZnx3E3NtX7Q==' *.googleapis.com *.baidu.com *.zohocdn.com *.cloudfront.net *.googletagmanager.com *.cdn.pagesense.io *.youtube.com *.seatsio.net; connect-src 'self' *.googleapis.com *.google-analytics.com *.nimbuspop.com ws: data: ; font-src 'self' *.gstatic.com *.zohowebstatic.com *.zohostatic.com *.zohocdn.com data: ; style-src 'self' 'unsafe-inline' *.zoho.com *.zohocdn.com; frame-src 'self' * ; img-src 'self' *.ytimg.com *.zohoexternal.com *.zohocdn.com data: blob: *.nimbuspop.com *.zohopublic.com
default-src
Keyword
—
'self'
base-uri
Keyword
—
'self'
object-src
Keyword
—
'none'
script-src
Keyword
—
'self'
script-src
Keyword
—
'unsafe-eval'
script-src
Nonce
—
'nonce-vc1NTmezKubZnx3E3NtX7Q=='
script-src
Host
—
script-src
Host
—
connect-src
Keyword
—
'self'
connect-src
Scheme
—
ws:
connect-src
Scheme
—
data:
font-src
Keyword
—
'self'
font-src
Scheme
—
data:
style-src
Keyword
—
'self'
style-src
Keyword
—
'unsafe-inline'
frame-src
Keyword
—
'self'
frame-src
Host
—
*
img-src
Keyword
—
'self'
img-src
Host
—
img-src
Scheme
—
data:
img-src
Scheme
—
blob: