Open
Cached
·
just now
14
directives
Content-Security-Policy
Content-Security-Policy: default-src 'self' ; script-src 'self' 'unsafe-inline' 'unsafe-eval' groq.com *.groq.com groqcloud.com *.groqcloud.com groqcloud.net *.groqcloud.net *.vercel.groqcloud.net sanity.io *.sanity.io *.sanity.studio cdn.sanity.io *.api.sanity.io api.consentjs.datagrail.io js.hs-analytics.net js.hs-banner.com js.hs-scripts.com js.hsadspixel.net js.hscollectedforms.net js.hsforms.net js.hubspot.com edge.marker.io *.posthog.com static.cloudflareinsights.com www.googletagmanager.com googleads.g.doubleclick.net static.hsappstatic.net *.hubspotusercontent-na1.net *.vimeocdn.com vimdeo.com player.vimeo.com www.redditstatic.com static.hsappstatic.net ; connect-src 'self' groq.com *.groq.com groqcloud.com *.groqcloud.com groqcloud.net *.groqcloud.net *.vercel.groqcloud.net sanity.io *.sanity.io *.sanity.studio cdn.sanity.io *.api.sanity.io boards-api.greenhouse.io api.consentjs.datagrail.io *.hs-analytics.net *.hs-banner.com *.hs-scripts.com *.hsadspixel.net *.hscollectedforms.net *.hsforms.com *.hsforms.net api.hubapi.com *.hubspot.com *.marker.io *.posthog.com www.google.ca www.google.com google.com *.google-analytics.com *.googleapis.com *.googlesyndication.com *.googletagmanager.com *.gstatic.com *.youtube.com *.vimeocdn.com vimeo.com *.reddit.com www.redditstatic.com static.hsappstatic.net ; worker-src 'self' blob: data: groq.com *.groq.com groqcloud.com *.groqcloud.com groqcloud.net *.groqcloud.net *.vercel.groqcloud.net sanity.io *.sanity.io *.sanity.studio cdn.sanity.io *.api.sanity.io ; style-src 'self' 'unsafe-inline' groq.com *.groq.com groqcloud.com *.groqcloud.com groqcloud.net *.groqcloud.net *.vercel.groqcloud.net sanity.io *.sanity.io *.sanity.studio cdn.sanity.io *.api.sanity.io app.marker.io *.posthog.com google.com fonts.googleapis.com fonts.gstatic.com *.vimeocdn.com ; img-src 'self' blob: data: groq.com *.groq.com groqcloud.com *.groqcloud.com groqcloud.net *.groqcloud.net *.vercel.groqcloud.net sanity.io *.sanity.io *.sanity.studio cdn.sanity.io *.api.sanity.io *.hsforms.com track.hubspot.com app.marker.io *.posthog.com *.google.ca *.google.com google.com www.googletagmanager.com *.youtube.com *.vimeocdn.com *.reddit.com ; media-src 'self' blob: data: groq.com *.groq.com groqcloud.com *.groqcloud.com groqcloud.net *.groqcloud.net *.vercel.groqcloud.net sanity.io *.sanity.io *.sanity.studio cdn.sanity.io *.api.sanity.io *.posthog.com google.com *.vimeocdn.com ; font-src 'self' groq.com *.groq.com groqcloud.com *.groqcloud.com groqcloud.net *.groqcloud.net *.vercel.groqcloud.net sanity.io *.sanity.io *.sanity.studio cdn.sanity.io *.api.sanity.io app.marker.io *.posthog.com fonts.googleapis.com fonts.gstatic.com *.vimeocdn.com ; object-src 'none' ; base-uri 'self' ; form-action 'self' groq.com *.groq.com groqcloud.com *.groqcloud.com groqcloud.net *.groqcloud.net *.vercel.groqcloud.net sanity.io *.sanity.io *.sanity.studio cdn.sanity.io *.api.sanity.io app.marker.io ssr.marker.io forms.hsforms.com ; frame-src 'self' groq.com *.groq.com groqcloud.com *.groqcloud.com groqcloud.net *.groqcloud.net *.vercel.groqcloud.net sanity.io *.sanity.io *.sanity.studio cdn.sanity.io *.api.sanity.io app.marker.io forms.hsforms.com www.googletagmanager.com js.hsforms.net td.doubleclick.net player.vimeo.com ; frame-ancestors 'self' groq.com *.groq.com groqcloud.com *.groqcloud.com groqcloud.net *.groqcloud.net *.vercel.groqcloud.net sanity.io *.sanity.io *.sanity.studio cdn.sanity.io *.api.sanity.io ; upgrade-insecure-requests;
default-src
Keyword
—
'self'
script-src
Keyword
—
'self'
script-src
Keyword
—
'unsafe-inline'
script-src
Keyword
—
'unsafe-eval'
script-src
Host
—
script-src
Host
—
connect-src
Keyword
—
'self'
connect-src
Host
—
connect-src
Host
—
worker-src
Keyword
—
'self'
worker-src
Scheme
—
blob:
worker-src
Scheme
—
data:
worker-src
Host
—
worker-src
Host
—
style-src
Keyword
—
'self'
style-src
Keyword
—
'unsafe-inline'
style-src
Host
—
style-src
Host
—
img-src
Keyword
—
'self'
img-src
Scheme
—
blob:
img-src
Scheme
—
data:
img-src
Host
—
img-src
Host
—
media-src
Keyword
—
'self'
media-src
Scheme
—
blob:
media-src
Scheme
—
data:
media-src
Host
—
media-src
Host
—
font-src
Keyword
—
'self'
font-src
Host
—
font-src
Host
—
object-src
Keyword
—
'none'
base-uri
Keyword
—
'self'
form-action
Keyword
—
'self'
form-action
Host
—
form-action
Host
—
frame-src
Keyword
—
'self'
frame-src
Host
—
frame-src
Host
—
frame-ancestors
Keyword
—
'self'
frame-ancestors
Host
—
frame-ancestors
Host
—
upgrade-insecure-requests
Source
—
(no sources)
Content-Security-Policy-Report-Only
No report-only CSP headers found.