Open
Cached
·
just now
12
directives
Content-Security-Policy
Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.qualified.com *.amplitude.com *.navattic.com *.clarity.ms *.wistia.net *.google.com www.gstatic.com *.bing.com *.tiktok.com *.6sc.co cdn.cookielaw.org app-ab41.marketo.com munchkin.marketo.net *.hellopebl.com www.datadoghq-browser-agent.com cdn.dreamdata.cloud cdn.drda.io cdn.neverbounce.com api.neverbounce.com cdn.segment.com cdn.edgefn.segment.com dev.visualwebsiteoptimizer.com www.redditstatic.com ws-assets.zoominfo.com js.zi-scripts.com snap.licdn.com px.ads.linkedin.com *.cloudfront.net assets.tvscipixel.com static.cloudflareinsights.com script.crazyegg.com *.jsdelivr.net cdnjs.cloudflare.com script.getbreakout.ai browser.sentry-cdn.com www.googletagmanager.com connect.facebook.net googleads.g.doubleclick.net wt.inflection.io static.addtoany.com tracking.g2crowd.com pixel.byspotify.com *.analytics.google.com unpkg.com jobs.ashbyhq.com js.referral-factory.com embed.referral-factory.com static.referral-factory.com fast.wistia.com; object-src embed.referral-factory.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com *.hellopebl.com cdn.cookielaw.org cdnjs.cloudflare.com script.getbreakout.ai *.jsdelivr.net unpkg.com; img-src 'self' data: *.qualified.com *.google.com www.gstatic.com *.google-analytics.com *.googleadservices.com *.doubleclick.net *.bing.com *.pdscrb.com *.6sc.co *.tvspix.com *.tiktok.com *.clarity.ms *.facebook.com cdn.cookielaw.org dev.visualwebsiteoptimizer.com alb.reddit.com www.redditstatic.com px.ads.linkedin.com www.googletagmanager.com res.cloudinary.com wt.inflection.io cdn.bfldr.com *.linkedin.com tvspix.com bat.bing.com embed.referral-factory.com static.referral-factory.com; media-src 'self' *.qualified.com *.wistia.net *.wistia.com; frame-src 'self' *.qualified.com *.navattic.com *.hellopebl.com *.wistia.net *.google.com google.com *.facebook.com *.hubspot.com *.hsforms.net static.addtoany.com jobs.ashbyhq.com embed.referral-factory.com pebl.wistia.com; frame-ancestors 'self'; child-src 'self' blob:; font-src 'self' data: fonts.gstatic.com *.qualified.com *.wistia.net cdn.neverbounce.com cdn.cookielaw.org script.getbreakout.ai; connect-src 'self' *.qualified.com wss://ws4.qualified.com *.analytics.google.com *.amplitude.com *.navattic.com *.clarity.ms *.wistia.com *.wistia.net *.google.com www.gstatic.com *.google-analytics.com *.bing.com *.tiktok.com *.tiktokw.us *.pdscrb.com *.6sc.co *.6sense.com *.facebook.com *.hellopebl.com *.jsdelivr.net *.onetrust.com *.mktoresp.com *.spotify.com *.tracking-api.g2.com app-ab41.marketo.com munchkin.marketo.net 073-gvb-960.mktoutil.com browser.sentry-cdn.com www.datadoghq-browser-agent.com browser-intake-datadoghq.com cdn.dreamdata.cloud cdn.segment.com cdn.edgefn.segment.com api.segment.io cdn.cookielaw.org cdn.neverbounce.com dev.visualwebsiteoptimizer.com alb.reddit.com pixel-config.reddit.com ws-assets.zoominfo.com ws.zoominfo.com js.zi-scripts.com px.ads.linkedin.com snap.licdn.com static.cloudflareinsights.com api.velocityglobal.com www.googletagmanager.com connect.facebook.net script.crazyegg.com chat.prod.meaku.ai wt.inflection.io secure.adnxs.com stats.g.doubleclick.net analytics-ipv6.tiktokw.us tracking-api.g2.com *.googleadservices.com googleadservices.com unpkg.com *.referral-factory.com *.sentry.io *.launchdarkly.com; report-uri /report-csp-violation
default-src
Keyword
—
'self'
script-src
Keyword
—
'self'
script-src
Keyword
—
'unsafe-inline'
script-src
Keyword
—
'unsafe-eval'
style-src
Keyword
—
'self'
style-src
Keyword
—
'unsafe-inline'
img-src
Keyword
—
'self'
img-src
Scheme
—
data:
img-src
Host
—
media-src
Keyword
—
'self'
frame-src
Keyword
—
'self'
frame-ancestors
Keyword
—
'self'
child-src
Keyword
—
'self'
child-src
Scheme
—
blob:
font-src
Keyword
—
'self'
font-src
Scheme
—
data:
connect-src
Keyword
—
'self'
connect-src
Host
—
report-uri
Host
—
Content-Security-Policy-Report-Only
No report-only CSP headers found.