Open
Cached
·
just now
10
directives
Content-Security-Policy
Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.googletagmanager.com *.google.com *.googleadservices.com *.doubleclick.net *.google-analytics.com analytics.google.com js.qualified.com js-agent.newrelic.com *.zoominfo.com *.zi-scripts.com cdn.cookielaw.org cdn.pardot.com pi.pardot.com *.posthog.com vercel.live *.bing.com *.bing.net go.babelstreet.com; style-src 'self' 'unsafe-inline'; img-src 'self' blob: data: cdn.sanity.io *.googletagmanager.com *.google-analytics.com *.google.com *.googleadservices.com *.doubleclick.net *.google.co.uk *.google.co.in *.google.co.jp *.google.co.kr *.google.co.id *.google.co.th *.google.co.za *.google.co.nz *.google.com.au *.google.com.br *.google.com.mx *.google.com.sg *.google.com.tr *.google.com.pk *.google.com.ph *.google.com.eg *.google.com.ar *.google.com.ng *.google.com.tw *.google.com.vn *.google.de *.google.fr *.google.it *.google.es *.google.nl *.google.se *.google.pl *.google.ch *.google.at *.google.be *.google.ca *.google.ae cdn.cookielaw.org *.bing.com *.bing.net static.carahsoft.com d1418wpyaxxvno.cloudfront.net; font-src 'self' d2cn40jarzxub5.cloudfront.net d1418wpyaxxvno.cloudfront.net; media-src 'self' cdn.sanity.io app.qualified.com assets.qualified.com; connect-src 'self' *.sanity.io *.googletagmanager.com *.google-analytics.com analytics.google.com *.google.com *.googleadservices.com *.doubleclick.net *.google.co.uk *.google.co.in *.google.co.jp *.google.co.kr *.google.co.id *.google.co.th *.google.co.za *.google.co.nz *.google.com.au *.google.com.br *.google.com.mx *.google.com.sg *.google.com.tr *.google.com.pk *.google.com.ph *.google.com.eg *.google.com.ar *.google.com.ng *.google.com.tw *.google.com.vn *.google.de *.google.fr *.google.it *.google.es *.google.nl *.google.se *.google.pl *.google.ch *.google.at *.google.be *.google.ca *.google.ae wss://*.qualified.com app.qualified.com bam.nr-data.net *.zoominfo.com *.zi-scripts.com cdn.cookielaw.org *.onetrust.com cdn.pardot.com pi.pardot.com *.posthog.com vercel.live *.bing.com *.bing.net go.babelstreet.com api.greenhouse.io *.algolia.net; frame-src *.googletagmanager.com www.youtube.com player.vimeo.com fast.wistia.net go.babelstreet.com vercel.live cdn.sanity.io app.qualified.com *.demo.babelstreet.com; frame-ancestors 'self' http://localhost:3000 http://localhost:3001 https://*.sanity.studio; upgrade-insecure-requests;
default-src
Keyword
—
'self'
script-src
Keyword
—
'self'
script-src
Keyword
—
'unsafe-inline'
script-src
Keyword
—
'unsafe-eval'
script-src
Scheme
—
blob:
style-src
Keyword
—
'self'
style-src
Keyword
—
'unsafe-inline'
img-src
Keyword
—
'self'
img-src
Scheme
—
blob:
img-src
Scheme
—
data:
img-src
Host
—
font-src
Keyword
—
'self'
media-src
Keyword
—
'self'
connect-src
Keyword
—
'self'
connect-src
Host
—
frame-ancestors
Keyword
—
'self'
frame-ancestors
Host
—
frame-ancestors
Host
—
upgrade-insecure-requests
Source
—
(no sources)
Content-Security-Policy-Report-Only
No report-only CSP headers found.