Open
Cached
·
just now
11
directives
Content-Security-Policy
Content-Security-Policy: default-src 'self';upgrade-insecure-requests;object-src 'none';frame-ancestors 'none';sandbox allow-forms allow-same-origin allow-scripts allow-popups;base-uri 'self';connect-src 'self' *;img-src 'self' *;font-src 'self' fonts.gstatic.com maxcdn.bootstrapcdn.com;style-src 'self' fonts.googleapis.com maxcdn.bootstrapcdn.com 'unsafe-inline';script-src 'self' dc.services.visualstudio.com www.google-analytics.com az416426.vo.msecnd.net maxcdn.bootstrapcdn.com code.jquery.com cdnjs.cloudflare.com 'unsafe-inline';
default-src
Keyword
—
'self'
upgrade-insecure-requests
Source
—
(no sources)
object-src
Keyword
—
'none'
frame-ancestors
Keyword
—
'none'
sandbox
Keyword
—
allow-forms
sandbox
Keyword
—
allow-same-origin
sandbox
Keyword
—
allow-scripts
sandbox
Keyword
—
allow-popups
base-uri
Keyword
—
'self'
connect-src
Keyword
—
'self'
connect-src
Host
—
*
img-src
Keyword
—
'self'
img-src
Host
—
*
font-src
Keyword
—
'self'
style-src
Keyword
—
'self'
style-src
Keyword
—
'unsafe-inline'
script-src
Keyword
—
'self'
script-src
Keyword
—
'unsafe-inline'
Content-Security-Policy-Report-Only
No report-only CSP headers found.