Open
Cached
·
just now
13
directives
Content-Security-Policy
Content-Security-Policy: upgrade-insecure-requests; block-all-mixed-content; default-src 'self'; font-src 'self' content.salesscreen.com fonts.intercomcdn.com; object-src 'none'; img-src https: js.intercomcdn.com static.intercomassets.com downloads.intercomcdn.com uploads.intercomusercontent.com gifs.intercomcdn.com content.salesscreen.com; script-src 'self' widget.intercom.io js.intercomcdn.com app.intercom.io js.salesscreen.dev js.salesscreen.com salesscreenjsprod.blob.core.windows.net cdn.raygun.io https://unpkg.com https://challenges.cloudflare.com 'unsafe-inline'; form-action *.salesscreen.com https://app.hubspot.com/marketplace/3456949/listing/salesscreen/third-party-auth-state; style-src 'self' 'unsafe-inline' content.salesscreen.com; connect-src 'self' api.intercom.io api-iam.intercom.io api-ping.intercom.io nexus-websocket-a.intercom.io nexus-websocket-b.intercom.io nexus-long-poller-a.intercom.io nexus-long-poller-b.intercom.io wss://nexus-websocket-a.intercom.io wss://nexus-websocket-b.intercom.io uploads.intercomcdn.com uploads.intercomusercontent.com https://content.salesscreen.com https://challenges.cloudflare.com; frame-src 'self' www.youtube.com https://challenges.cloudflare.com; media-src https: js.intercomcdn.com content.salesscreen.com; frame-ancestors https://*.salesscreen.com
upgrade-insecure-requests
Source
—
(no sources)
block-all-mixed-content
Source
—
(no sources)
default-src
Keyword
—
'self'
font-src
Keyword
—
'self'
object-src
Keyword
—
'none'
img-src
Scheme
—
https:
script-src
Keyword
—
'self'
script-src
Keyword
—
'unsafe-inline'
style-src
Keyword
—
'self'
style-src
Keyword
—
'unsafe-inline'
connect-src
Keyword
—
'self'
frame-src
Keyword
—
'self'
media-src
Scheme
—
https:
Content-Security-Policy-Report-Only
No report-only CSP headers found.