Open
Cached
·
just now
11
directives
Content-Security-Policy
Content-Security-Policy: default-src 'self' ;style-src 'self' 'unsafe-inline' fonts.googleapis.com www.googletagmanager.com tucowsinc-team-920701353da848d17031474.freshchat.com ;script-src 'self' 'unsafe-inline' 'unsafe-eval' *.wistia.com *.hsforms.net www.googletagmanager.com www.google.com static.hotjar.com *.hs-scripts.com www.gstatic.com *.sentry-cdn.com *.hs-analytics.net *.hotjar.com *.hs-banner.com js.usemessages.com *.hubspot.com www.zerobounce.net tucowsinc-team-920701353da848d17031474.freshchat.com ;font-src 'self' data: api-na1.hubspot.com fonts.gstatic.com *.wistia.com *.wistia.net *.hubspot.com ;img-src 'self' secure.gravatar.com data: www.google.ca track.hubspot.com dev.visualwebsiteoptimizer.com www.googletagmanager.com forms-na1.hsforms.com perf-na1.hsforms.com cta-service-cms2.hubspot.com static.hubspot.com static.hsappstatic.net fonts.gstatic.com *.wistia.com *.wistia.net *.ytimg.com *.linkedin.com www.zerobounce.net www.google.com alb.reddit.com bat.bing.com c.bing.com www.facebook.com connect.facebook.net ;connect-src analytics.google.com vc.hotjar.io content.hotjar.io metrics.hotjar.io px.ads.linkedin.com www.google-analytics.com 'self' wss://ws.hotjar.com www.google.ca api.hubspot.com dev.visualwebsiteoptimizer.com forms.hsforms.com forms-na1.hubspot.com fg8vvsvnieiv3ej16jby.litix.io cta-service-cms2.hubspot.com js.hs-banner.com stats.g.doubleclick.net *.wistia.com *.wistia.net unpkg.com www.google.com static.hsappstatic.net extension-api.zerobounce.net www.googletagmanager.com browser.sentry-cdn.com hooks.zapier.com www.googleadservices.com pixel-config.reddit.com bat.bing.com www.facebook.com mpc2-prod-25-is5qnl632q-wl.a.run.app api.hubapi.com ;script-src-elem www.googletagmanager.com js.hs-banner.com js.hs-analytics.net snap.licdn.com static.hotjar.com 'self' 'unsafe-inline' js.hs-scripts.com script.hotjar.com js.usemessages.com dev.visualwebsiteoptimizer.com js.sentry-cdn.com js.hsforms.net www.google.com www.gstatic.com js.hubspot.com browser.sentry-cdn.com *.wistia.com *.wistia.net unpkg.com www.zerobounce.net googleads.g.doubleclick.net www.redditstatic.com bat.bing.com connect.facebook.net eu.fw-cdn.com tucowsinc-team-920701353da848d17031474.freshchat.com js.hsadspixel.net ;worker-src 'self' 'unsafe-eval' blob: ;frame-src td.doubleclick.net www.google.com forms.hsforms.com app.hubspot.com tucows-20704235.hs-sites.com www.youtube.com dev.visualwebsiteoptimizer.com *.wistia.net www.googletagmanager.com bat.bing.com tucowsinc-team-920701353da848d17031474.freshchat.com www.facebook.com ;media-src 'self' blob campaigns.opensrs.com blob: *.wistia.com *.wistia.net ;frame-ancestors 'self' www.google.com ;
default-src
Keyword
—
'self'
style-src
Keyword
—
'self'
style-src
Keyword
—
'unsafe-inline'
script-src
Keyword
—
'self'
script-src
Keyword
—
'unsafe-inline'
script-src
Keyword
—
'unsafe-eval'
font-src
Keyword
—
'self'
font-src
Scheme
—
data:
img-src
Keyword
—
'self'
img-src
Scheme
—
data:
connect-src
Keyword
—
'self'
script-src-elem
Keyword
—
'self'
script-src-elem
Keyword
—
'unsafe-inline'
worker-src
Keyword
—
'self'
worker-src
Keyword
—
'unsafe-eval'
worker-src
Scheme
—
blob:
media-src
Keyword
—
'self'
media-src
Host
—
media-src
Scheme
—
blob:
frame-ancestors
Keyword
—
'self'
Content-Security-Policy-Report-Only
No report-only CSP headers found.