Open
Cached
·
5h ago
14
directives
Content-Security-Policy
Content-Security-Policy: frame-ancestors 'self';, default-src 'self' data: gap: https://ssl.gstatic.com https://fonts.googleapis.com https://fonts.googleapis.com https://www.googletagmanager.com https://www.gstatic.com/ 'unsafe-eval' ; script-src 'report-sample' 'unsafe-inline' 'self' *.adtrafficquality.google https://cdn.cookielaw.org https://js-na1.hs-scripts.com https://js.hs-analytics.net https://js.hs-banner.com https://js.hs-scripts.com https://js.hsadspixel.net https://js.hscollectedforms.net https://js.hubspot.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://forms.hsforms.com https://www.socialintents.com https://www.google-analytics.com https://www.youtube.com https://js.hsforms.net https://maps.google.com https://cpwebassets.codepen.io/ https://public.codepenassets.com/ https://*.doubleclick.net https://*.googlesyndication.com; style-src 'report-sample' 'unsafe-inline' 'self' https://fonts.googleapis.com https://www.googletagmanager.com https://*.gstatic.com/ https://www.socialintents.com https://cdpn.io/; object-src 'none'; base-uri 'self'; connect-src 'self' https://api.hubapi.com https://cdn.cookielaw.org https://cta-service-cms2.hubspot.com https://forms.hscollectedforms.net https://www.google-analytics.com https://forms.hsforms.com https://hubspot-forms-static-embed.s3.amazonaws.com https://forms.hubspot.com https://maps.googleapis.com https://maps.google.com https://geolocation.onetrust.com/ https://*.googletagmanager.com https://*.doubleclick.net https://*.googlesyndication.com https://*.adtrafficquality.google https://*.gstatic.com; font-src 'self' 'unsafe-inline' https: data: https://fonts.gstatic.com https://fonts.googleapis.com; frame-src 'self' https://*.adtrafficquality.google https://*.google.com https://player.vimeo.com https://maps.googleapis.com https://www.youtube.com https://codepen.io/ https://*.doubleclick.net https://*.googlesyndication.com https://*.googleadservices.com/; media-src *; worker-src 'self' data: gap: blob: *; frame-ancestors 'self' 'self' https://*.adtrafficquality.google https://www.google.com https://player.vimeo.com/; img-src 'self' data: content: https://*.adtrafficquality.google https://cdn.cookielaw.org https://forms.hsforms.com https://perf-na1.hsforms.com https://track.hubspot.com https://www.google-analytics.com https://www.google.com https://www.gstatic.com https://forms-na1.hsforms.com https://maps.googleapis.com https://maps.google.com https://maps.gstatic.com https://www.googletagmanager.com https://securepubads.g.doubleclick.net https://*.googlesyndication.com https://*.doubleclick.net https://cdn.carfax.ca; fenced-frame-src 'self' *.google.com;
frame-ancestors
Keyword
—
'self'
,
Host
—
,
Keyword
—
'self'
,
Scheme
—
data:
,
Scheme
—
gap:
,
Keyword
—
'unsafe-eval'
script-src
Keyword
—
'report-sample'
script-src
Keyword
—
'unsafe-inline'
script-src
Keyword
—
'self'
style-src
Keyword
—
'report-sample'
style-src
Keyword
—
'unsafe-inline'
style-src
Keyword
—
'self'
object-src
Keyword
—
'none'
base-uri
Keyword
—
'self'
connect-src
Keyword
—
'self'
font-src
Keyword
—
'self'
font-src
Keyword
—
'unsafe-inline'
font-src
Scheme
—
https:
font-src
Scheme
—
data:
frame-src
Keyword
—
'self'
media-src
Host
—
*
worker-src
Keyword
—
'self'
worker-src
Scheme
—
data:
worker-src
Scheme
—
gap:
worker-src
Scheme
—
blob:
worker-src
Host
—
*
frame-ancestors
Keyword
—
'self'
frame-ancestors
Keyword
—
'self'
img-src
Keyword
—
'self'
img-src
Scheme
—
data:
img-src
Scheme
—
content:
fenced-frame-src
Keyword
—
'self'
Content-Security-Policy-Report-Only
No report-only CSP headers found.