Open
Cached
·
just now
6
directives
Content-Security-Policy
Content-Security-Policy: default-src 'self' https://browsercheck.xero.com https://edge.xero.com https://js-agent.newrelic.com https://bam.nr-data.net https://telemetry.ext.platformdevelopment.xero.com https://api.mixpanel.com https://*.coveo.com https://www.facebook.com https://connect.facebook.net https://*.linkedin.com https://snap.licdn.com https://p.adsymptotic.com https://user-tracking-api.dgt-digital-marketing.xero.com https://*.fls.doubleclick.net https://stats.g.doubleclick.net https://ad.doubleclick.net https://td.doubleclick.net https://www.googletagmanager.com https://*.analytics.google.com https://*.google-analytics.com https://analytics.google.com https://google-analytics.com https://fonts.gstatic.com https://www.google.com https://www.google.com.au https://www.google.co.nz https://www.google.co.uk https://www.google.co.za https://www.google.com.sg https://www.google.ca https://www.google.com.ph https://www.google.com.hk https://www.google.co.in https://www.google.co.id https://www.google.com.my https://www.google.ie https://www.google.ae https://xerolytics.xero.com https://*.launchdarkly.com https://identity.xero.com https://login.xero.com https://go.xero.com https://static.xero.com https://profiles.xero.com https://product-analytics-bff.xero.com https://nhm-api.internalsystems.xero.com 'unsafe-inline'; frame-ancestors https://practice.xero.com; script-src 'nonce-4f73ead23ec659ba52964ce36a576bc1' 'self' https://browsercheck.xero.com https://edge.xero.com https://js-agent.newrelic.com https://bam.nr-data.net https://telemetry.ext.platformdevelopment.xero.com https://api.mixpanel.com https://*.coveo.com https://www.facebook.com https://connect.facebook.net https://*.linkedin.com https://snap.licdn.com https://p.adsymptotic.com https://user-tracking-api.dgt-digital-marketing.xero.com https://*.fls.doubleclick.net https://stats.g.doubleclick.net https://ad.doubleclick.net https://td.doubleclick.net https://www.googletagmanager.com https://*.analytics.google.com https://*.google-analytics.com https://analytics.google.com https://google-analytics.com https://fonts.gstatic.com https://www.google.com https://www.google.com.au https://www.google.co.nz https://www.google.co.uk https://www.google.co.za https://www.google.com.sg https://www.google.ca https://www.google.com.ph https://www.google.com.hk https://www.google.co.in https://www.google.co.id https://www.google.com.my https://www.google.ie https://www.google.ae https://xerolytics.xero.com https://*.launchdarkly.com https://identity.xero.com https://login.xero.com https://go.xero.com https://static.xero.com https://profiles.xero.com https://product-analytics-bff.xero.com https://nhm-api.internalsystems.xero.com 'unsafe-inline' 'nonce-wrWEkpIc1jpmbtPN6p+FaA==' ; img-src 'self' https://browsercheck.xero.com https://edge.xero.com https://js-agent.newrelic.com https://bam.nr-data.net https://telemetry.ext.platformdevelopment.xero.com https://api.mixpanel.com https://*.coveo.com https://www.facebook.com https://connect.facebook.net https://*.linkedin.com https://snap.licdn.com https://p.adsymptotic.com https://user-tracking-api.dgt-digital-marketing.xero.com https://*.fls.doubleclick.net https://stats.g.doubleclick.net https://ad.doubleclick.net https://td.doubleclick.net https://www.googletagmanager.com https://*.analytics.google.com https://*.google-analytics.com https://analytics.google.com https://google-analytics.com https://fonts.gstatic.com https://www.google.com https://www.google.com.au https://www.google.co.nz https://www.google.co.uk https://www.google.co.za https://www.google.com.sg https://www.google.ca https://www.google.com.ph https://www.google.com.hk https://www.google.co.in https://www.google.co.id https://www.google.com.my https://www.google.ie https://www.google.ae https://xerolytics.xero.com https://*.launchdarkly.com https://identity.xero.com https://login.xero.com https://go.xero.com https://static.xero.com https://profiles.xero.com https://product-analytics-bff.xero.com https://nhm-api.internalsystems.xero.com; connect-src 'self' https://browsercheck.xero.com https://edge.xero.com https://js-agent.newrelic.com https://bam.nr-data.net https://telemetry.ext.platformdevelopment.xero.com https://api.mixpanel.com https://*.coveo.com https://www.facebook.com https://connect.facebook.net https://*.linkedin.com https://snap.licdn.com https://p.adsymptotic.com https://user-tracking-api.dgt-digital-marketing.xero.com https://*.fls.doubleclick.net https://stats.g.doubleclick.net https://ad.doubleclick.net https://td.doubleclick.net https://www.googletagmanager.com https://*.analytics.google.com https://*.google-analytics.com https://analytics.google.com https://google-analytics.com https://fonts.gstatic.com https://www.google.com https://www.google.com.au https://www.google.co.nz https://www.google.co.uk https://www.google.co.za https://www.google.com.sg https://www.google.ca https://www.google.com.ph https://www.google.com.hk https://www.google.co.in https://www.google.co.id https://www.google.com.my https://www.google.ie https://www.google.ae https://xerolytics.xero.com https://*.launchdarkly.com https://identity.xero.com https://login.xero.com https://go.xero.com https://static.xero.com https://profiles.xero.com https://product-analytics-bff.xero.com https://nhm-api.internalsystems.xero.com ; report-uri /cspreport
default-src
Keyword
—
'self'
default-src
Host
—
default-src
Keyword
—
'unsafe-inline'
script-src
Nonce
—
'nonce-4f73ead23ec659ba52964ce36a576bc1'
script-src
Keyword
—
'self'
script-src
Host
—
script-src
Keyword
—
'unsafe-inline'
script-src
Nonce
—
'nonce-wrWEkpIc1jpmbtPN6p+FaA=='
img-src
Keyword
—
'self'
img-src
Host
—
connect-src
Keyword
—
'self'
connect-src
Host
—
report-uri
Host
—
Content-Security-Policy-Report-Only
No report-only CSP headers found.