Open
Cached
·
just now
5
directives
Content-Security-Policy
Content-Security-Policy: frame-ancestors 'self' *.canva.com canva.com; report-uri https://csp.canva.com/_cspreport?app=websites; base-uri 'self'; object-src 'none'; script-src 'report-sample' 'strict-dynamic' 'nonce-a43624d4-2cac-4ba7-8491-28a0ed045e2b' 'wasm-unsafe-eval' https://www.google.com/recaptcha/api.js;
frame-ancestors
Keyword
—
'self'
base-uri
Keyword
—
'self'
object-src
Keyword
—
'none'
script-src
Keyword
—
'report-sample'
script-src
Keyword
—
'strict-dynamic'
script-src
Nonce
—
'nonce-a43624d4-2cac-4ba7-8491-28a0ed045e2b'
script-src
Keyword
—
'wasm-unsafe-eval'
Content-Security-Policy-Report-Only
No report-only CSP headers found.