12
directives
Content-Security-Policy
Content-Security-Policy: default-src 'self' 'unsafe-inline' blob:; img-src data: blob: * analytics.tiktok.com; font-src 'self' data: fonts.gstatic.com fast.wistia.com maxcdn.bootstrapcdn.com; media-src 'self' blob: data: *.wistia.net embedwistia-a.akamaihd.net *.wistia.com *.zdassets.com *.cloudinary.com; style-src 'self' 'unsafe-inline' data: blob: *.visualwebsiteoptimizer.com app.vwo.com s3.amazonaws.com fonts.googleapis.com *.twitter.com *.twimg.com tagmanager.google.com *.googletagmanager.com hello.myfonts.net; frame-src 'self' bytedance: sslocal: app.vwo.com *.visualwebsiteoptimizer.com certificates.easy-lms.com ace.easy-lms.com *.doubleclick.net www.facebook.com *.wistia.com *.wistia.net widget.reviews.co.uk *.twitter.com *.addthis.com embedwistia-a.akamaihd.net www.youtube.com www.youtube-nocookie.com www.google.com widget.trustpilot.com *.googletagmanager.com widget-prime.rafflecopter.com *.appointedd.com *.onlineexambuilder.com app.netlify.com *.player.vimeo.com *.vimeo.com *.chilipiper.com capture.navattic.com; object-src 'self' embedwistia-a.akamaihd.net; connect-src 'self' data: wss: *.visualwebsiteoptimizer.com app.vwo.com analytics.tiktok.com *.clarity.ms *.litix.io *.reviews.co.uk *.wistia.com *.wistia.net *.facebook.com *.addthis.com *.freeagent.com *.fre.ag analytics.google.com *.google-analytics.com *.doubleclick.net embedwistia-a.akamaihd.net www.google.com *.adroll.com www.google.co.uk widget.trustpilot.com geoip-js.com geoip-js.maxmind.com geoip.maxmind.com *.crazyegg.com adservice.google.com *.cookielaw.org *.onetrust.com *.zdassets.com *.zendesk.com *.zopim.com bat.bing.com bat.bing.net api.cloudinary.com cdn.linkedin.oribi.io *.analytics.google.com *.googlesyndication.com *.player.vimeo.com *.vimeo.com px.ads.linkedin.com *.sentry.io *.chilipiper.com *.chilipiper.io; script-src 'self' 'unsafe-eval' 'unsafe-inline' blob: *.visualwebsiteoptimizer.com app.vwo.com analytics.tiktok.com *.freeagent.com *.fre.ag *.googleapis.com 
analytics.google.com *.google-analytics.com *.doubleclick.net *.googleadservices.com *.adroll.com *.cloudfront.net *.facebook.net *.twitter.com script.crazyegg.com *.reviews.co.uk *.addthis.com *.addthisedge.com *.twimg.com www.googletagmanager.com *.tfaforms.com s3.amazonaws.com/trk.cetrk.com/ *.wistia.com *.wistia.net www.gstatic.com www.google.com *.workable.com px.ads.linkedin.com static.ads-twitter.com snap.licdn.com widget.reviews.co.uk cdn.ampproject.org www.linkedin.com pro.ip-api.com bat.bing.com widget.trustpilot.com tagmanager.google.com tinymce.cachefly.net js.maxmind.com z.moatads.com widget-prime.rafflecopter.com www.dwin1.com optanon.blob.core.windows.net *.onetrust.com *.cookielaw.org cdnjs.cloudflare.com *.bizographics.com www.clarity.ms geoip-js.com *.appointedd.com s3-eu-west-1.amazonaws.com *.zdassets.com *.zopim.com *.zendesk.com netlify-cdp-loader.netlify.app *.chilipiper.com js.navattic.com; frame-ancestors 'self' https://support.freeagent.com; report-uri https://freeagent.report-uri.com/r/d/csp/enforce; worker-src 'self' blob:;
default-src
Keyword
—
'self'
default-src
Keyword
—
'unsafe-inline'
default-src
Scheme
—
blob:
img-src
Scheme
—
data:
img-src
Scheme
—
blob:
img-src
Host
—
*
font-src
Keyword
—
'self'
font-src
Scheme
—
data:
media-src
Keyword
—
'self'
media-src
Scheme
—
blob:
media-src
Scheme
—
data:
media-src
Host
—
style-src
Keyword
—
'self'
style-src
Keyword
—
'unsafe-inline'
style-src
Scheme
—
data:
style-src
Scheme
—
blob:
frame-src
Keyword
—
'self'
frame-src
Scheme
—
bytedance:
frame-src
Scheme
—
sslocal:
frame-src
Host
—
object-src
Keyword
—
'self'
connect-src
Keyword
—
'self'
connect-src
Scheme
—
data:
connect-src
Scheme
—
wss:
connect-src
Host
—
connect-src
Host
—
connect-src
Host
—
script-src
Keyword
—
'self'
script-src
Keyword
—
'unsafe-eval'
script-src
Keyword
—
'unsafe-inline'
script-src
Scheme
—
blob:
script-src
Host
—
script-src
Host
—
script-src
Host
—
script-src
Host
—
script-src
Host
—
frame-ancestors
Keyword
—
'self'
worker-src
Keyword
—
'self'
worker-src
Scheme
—
blob:
Content-Security-Policy-Report-Only
No Content-Security-Policy-Report-Only header was found in the response.