Open
Cached
·
just now
14
directives
Content-Security-Policy
Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://www.google-analytics.com https://tagmanager.google.com https://connect.facebook.net https://www.facebook.com https://static.hotjar.com https://script.hotjar.com https://cdn.jsdelivr.net https://unpkg.com https://va.vercel-scripts.com https://wati-integration-prod-service.clare.ai https://snap.licdn.com https://www.clarity.ms https://scripts.clarity.ms https://googleads.g.doubleclick.net https://www.googleadservices.com https://static.cloudflareinsights.com https://*.nitrocommerce.ai; script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://www.google-analytics.com https://tagmanager.google.com https://connect.facebook.net https://www.facebook.com https://static.hotjar.com https://script.hotjar.com https://cdn.jsdelivr.net https://unpkg.com https://va.vercel-scripts.com https://wati-integration-prod-service.clare.ai https://snap.licdn.com https://www.clarity.ms https://scripts.clarity.ms https://googleads.g.doubleclick.net https://www.googleadservices.com https://static.cloudflareinsights.com https://*.nitrocommerce.ai; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdn.jsdelivr.net https://unpkg.com; img-src 'self' data: blob: https: http://localhost:1337; font-src 'self' data: https://fonts.gstatic.com https://cdn.jsdelivr.net; connect-src 'self' https://blcwdqfhupddorxpdcjl.supabase.co https://callback.miles-api.com https://webhook.miles-api.com https://api.mileseducation.com https://strapi.miles-api.com https://miles-events-cms-prod-154625965269.asia-south1.run.app https://mfx-prod-154625965269.asia-south1.run.app https://www.google-analytics.com https://analytics.google.com https://stats.g.doubleclick.net https://www.facebook.com https://api.whatsapp.com https://vitals.vercel-insights.com https://api.ipify.org https://www.google.com https://px.ads.linkedin.com https://*.clarity.ms https://www.google.co.in https://www.googleadservices.com https://milesblog-django-live-154625965269.asia-south1.run.app https://website-cms-backend-prod-154625965269.asia-south1.run.app https://hooks.zapier.com/hooks/catch/7954435/u9t45ya/ https://one.mileseducation.us/functions/v1/create-lead https://*.nitrocommerce.ai https://t.makehook.ws; frame-src 'self' https://www.youtube.com https://www.google.com https://www.facebook.com https://td.doubleclick.net https://www.googletagmanager.com https://t.makehook.ws; object-src 'none'; base-uri 'self'; form-action 'self' https://callback.miles-api.com https://webhook.miles-api.com https://www.facebook.com; frame-ancestors 'self'; upgrade-insecure-requests; media-src 'self' https://ik.imagekit.io blob: data:
default-src
Keyword
—
'self'
script-src
Keyword
—
'self'
script-src
Keyword
—
'unsafe-inline'
script-src
Keyword
—
'unsafe-eval'
script-src-elem
Keyword
—
'self'
script-src-elem
Keyword
—
'unsafe-inline'
script-src-elem
Keyword
—
'unsafe-eval'
style-src
Keyword
—
'self'
style-src
Keyword
—
'unsafe-inline'
img-src
Keyword
—
'self'
img-src
Scheme
—
data:
img-src
Scheme
—
blob:
img-src
Scheme
—
https:
img-src
Host
—
font-src
Keyword
—
'self'
font-src
Scheme
—
data:
connect-src
Keyword
—
'self'
connect-src
Host
—
frame-src
Keyword
—
'self'
object-src
Keyword
—
'none'
base-uri
Keyword
—
'self'
form-action
Keyword
—
'self'
frame-ancestors
Keyword
—
'self'
upgrade-insecure-requests
Source
—
(no sources)
media-src
Keyword
—
'self'
media-src
Scheme
—
blob:
media-src
Scheme
—
data:
Content-Security-Policy-Report-Only
No report-only CSP headers found.