Open
Cached
·
just now
16
directives
Content-Security-Policy
Content-Security-Policy: upgrade-insecure-requests; default-src 'self' https://static.kiwi.com; frame-ancestors 'self' kiwi.com *.kiwi.com skypicker.com *.skypicker.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://sdk.checkouttools.com https://078d9f6a6dc1.cdn4.forter.com https://3001.scriptcdn.net https://analytics.skyscanner.net https://analytics.webgains.io https://applepay.cdn-apple.com https://appsflyersdk.github.io https://bat.bing-int.com https://bat.bing.com https://c.seznam.cz https://cdn.binsiad.com https://cdn.browsiprod.com https://cdn.maptiler.com https://cdn.mathjax.org https://cdn.scalapay.com https://cdn.segment.com https://cdn.speedcurve.com https://cdn.stape.io https://cdn.viajala.com https://cdnjs.cloudflare.com https://challenges.cloudflare.com https://connect.facebook.net https://content.r9cdn.net https://dl.metabar.ru https://edge.eu1.fullstory.com https://edge.fullstory.com https://gateway.ixopay.com https://go.linkwi.se https://googleads.g.doubleclick.net https://googletagmanager.com https://infird.com https://js.braintreegateway.com https://kiwicom.ixopaysandbox.com https://kiwicom.onelink.me https://log.banana.kiwi.com https://loox.io https://lottingem.com https://mainf.global-cache.online https://mc.yandex.ru https://mstat.acestream.net https://pagead2.googlesyndication.com https://partners.vio.com/js/set-iframe-height/setIframeHeight.min.js https://performance.radar.cloudflare.com https://pme.proquest.com https://pulse.clickguard.com https://retagro.com https://rs.fullstory.com https://s2.adform.net https://sc-static.net https://secured-pixel.com https://stapecdn.com https://static.kyc.red https://static.userguiding.com https://tags.creativecdn.com https://trans.xdtsmart.com https://translate.googleapis.com https://translate.yandex.net https://trx.dgtrk2.com https://www.artfut.com https://www.dwin1.com https://www.emjcd.com https://www.gfl85trk.com https://*.google-analytics.com https://www.googleadservices.com https://www.googleoptimize.com https://*.googletagmanager.com https://www.mczbf.com https://www.upsellit.com https://www.youtube.com https://yastatic.net https://*.appsflyer.com https://*.checkouttools.com https://*.cloudfront.net https://*.forter.com https://*.google.com https://*.infinario.com https://*.iperceptions.com https://*.kiwi.com https://*.online-metrix.net https://*.paypal.com https://*.revolut.com https://*.signifyd.com; worker-src 'self' blob: https://*.signifyd.com; style-src 'self' 'unsafe-inline' data: https:; img-src 'self' blob: data: https:; font-src 'self' data: https:; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-src 'self' https:; connect-src 'self' data: blob: https: wss://cdn0.forter.com; manifest-src 'self' https://kiwi.com https://*.kiwi.com; media-src data: https://*.kiwi.com https://*.fe-cloudrun.kiwi.com https://audiocdn.lingualeo.com https://cdn8.forter.com; report-to report-api;
upgrade-insecure-requests
Source
—
(no sources)
default-src
Keyword
—
'self'
frame-ancestors
Keyword
—
'self'
script-src
Keyword
—
'self'
script-src
Keyword
—
'unsafe-inline'
script-src
Keyword
—
'unsafe-eval'
script-src
Scheme
—
blob:
script-src
Host
—
script-src
Host
—
script-src
Host
—
worker-src
Keyword
—
'self'
worker-src
Scheme
—
blob:
style-src
Keyword
—
'self'
style-src
Keyword
—
'unsafe-inline'
style-src
Scheme
—
data:
style-src
Scheme
—
https:
img-src
Keyword
—
'self'
img-src
Scheme
—
blob:
img-src
Scheme
—
data:
img-src
Scheme
—
https:
font-src
Keyword
—
'self'
font-src
Scheme
—
data:
font-src
Scheme
—
https:
object-src
Keyword
—
'none'
base-uri
Keyword
—
'self'
form-action
Keyword
—
'self'
form-action
Scheme
—
https:
frame-src
Keyword
—
'self'
frame-src
Scheme
—
https:
connect-src
Keyword
—
'self'
connect-src
Scheme
—
data:
connect-src
Scheme
—
blob:
connect-src
Scheme
—
https:
manifest-src
Keyword
—
'self'
media-src
Scheme
—
data:
media-src
Host
—
report-to
Host
—
Content-Security-Policy-Report-Only
No report-only CSP headers found.