Open
Cached
·
10h ago
8
directives
Content-Security-Policy
Content-Security-Policy: default-src 'self' cdn.segment.com myob.com *.myob.com *.myobdev.com *.ninetailed.co *.clarity.ms *.bing.com *.linkedin.com *.reddit.com connect.facebook.net *.facebook.com *.fullstory.com *.segmentapis.com *.google.com.au *.redditstatic.com d.impactradius-event.com analytics.tiktok.com analytics-ipv6.tiktokw.us www.googletagmanager.com *.hsforms.net *.hsforms.com *.hs-scripts.com *.hs-banner.com *.hubspot.com *.hubspotfeedback.com *.hs-analytics.net *.segment.io *.hsappstatic.net *.clickagy.com *.adsrvr.org *.zoominfo.com feedback.hubapi.com *.survicate.com snap.licdn.com *.pinimg.com *.google.com *.google-analytics.com fast.wistia.net *.mypurecloud.com.au *.newrelic.com *.pinterest.com *.zi-scripts.com *.doubleclick.net *.wistia.com *.youtube.com *.youtu.be *.jsdelivr.net *.algolia.io *.algolia.net *.algolia.com alg.li *.algolianet.com *.ctfassets.net *.sentry-cdn.com *.sentry.io *.contentful.com *.survicate-cdn.com *.googleapis.com *.zdassets.com *.zendesk.com *.googleadservices.com myob.74xz8u.net d.impct.site google.com recaptcha.net *.gstatic.com d34r8q7sht0t9k.cloudfront.net ipv4.pdscrb.com ws: blob:; script-src 'self' cdn.segment.com myob.com *.myob.com *.myobdev.com *.ninetailed.co *.clarity.ms *.bing.com *.linkedin.com *.reddit.com connect.facebook.net *.facebook.com *.fullstory.com *.segmentapis.com *.google.com.au *.redditstatic.com d.impactradius-event.com analytics.tiktok.com analytics-ipv6.tiktokw.us www.googletagmanager.com *.hsforms.net *.hsforms.com *.hs-scripts.com *.hs-banner.com *.hubspot.com *.hubspotfeedback.com *.hs-analytics.net *.segment.io *.hsappstatic.net *.clickagy.com *.adsrvr.org *.zoominfo.com feedback.hubapi.com *.survicate.com snap.licdn.com *.pinimg.com *.google.com *.google-analytics.com fast.wistia.net *.mypurecloud.com.au *.newrelic.com *.pinterest.com *.zi-scripts.com *.doubleclick.net *.wistia.com *.youtube.com *.youtu.be *.jsdelivr.net *.algolia.io *.algolia.net *.algolia.com alg.li *.algolianet.com *.ctfassets.net *.sentry-cdn.com *.sentry.io *.contentful.com *.survicate-cdn.com *.googleapis.com *.zdassets.com *.zendesk.com *.googleadservices.com myob.74xz8u.net d.impct.site google.com recaptcha.net *.gstatic.com d34r8q7sht0t9k.cloudfront.net ipv4.pdscrb.com 'unsafe-eval' 'unsafe-inline' ws: blob:; style-src 'self' *.myob.com *.myobdev.com *.wistia.com *.survicate.com *.survicate-cdn.com www.googletagmanager.com *.googleapis.com 'unsafe-inline' ws: blob:; img-src 'self' *.myob.com *.myobdev.com *.wistia.com *.ctfassets.net *.survicate-cdn.com data: https: ws: blob:; font-src 'self' *.myob.com *.myobdev.com *.wistia.com *.survicate-cdn.com fonts.gstatic.com data:; object-src 'none'; frame-src *; frame-ancestors *;
default-src
Keyword
—
'self'
default-src
Host
—
default-src
Host
—
default-src
Host
—
default-src
Scheme
—
ws:
default-src
Scheme
—
blob:
script-src
Keyword
—
'self'
script-src
Host
—
script-src
Host
—
script-src
Host
—
script-src
Keyword
—
'unsafe-eval'
script-src
Keyword
—
'unsafe-inline'
script-src
Scheme
—
ws:
script-src
Scheme
—
blob:
style-src
Keyword
—
'self'
style-src
Keyword
—
'unsafe-inline'
style-src
Scheme
—
ws:
style-src
Scheme
—
blob:
img-src
Keyword
—
'self'
img-src
Scheme
—
data:
img-src
Scheme
—
https:
img-src
Scheme
—
ws:
img-src
Scheme
—
blob:
font-src
Keyword
—
'self'
font-src
Scheme
—
data:
object-src
Keyword
—
'none'
frame-src
Host
—
*
frame-ancestors
Host
—
*
Content-Security-Policy-Report-Only
No report-only CSP headers found.