Open
Cached
·
just now
12
directives
Content-Security-Policy
No enforced CSP headers found.
Content-Security-Policy-Report-Only
Content-Security-Policy-Report-Only: default-src 'self'; script-src 'self' 'report-sample' 'nonce-0f48d2c2532b85cbb6c556918c7c837b1c44c44e9d3e1921c1514af3ec6898d501294338ce2e44b291ac6498207bf236' stats.wp.com https://widgets.wp.com *.wordpress.com https://apis.google.com https://appleid.cdn-apple.com www.google-analytics.com use.typekit.net js.stripe.com js.verygoodvault.com www.paypal.com www.paypalobjects.com cdn.siftscience.com survey.survicate.com surveys-static-prd.survicate-cdn.com https://cdn.smooch.io https://static.zdassets.com *.zendesk.com https://www.gstatic.com https://static.ads-twitter.com https://connect.facebook.net https://snap.licdn.com www.redditstatic.com https://analytics.tiktok.com https://a.quora.com www.googletagmanager.com https://accounts.google.com https://bat.bing.com https://blackbox-api.wp.com; base-uri 'none'; style-src 'self' *.wp.com https://fonts.googleapis.com use.typekit.net surveys-static-prd.survicate-cdn.com https://cdn.smooch.io https://www.gstatic.com 'unsafe-inline'; form-action 'self'; object-src 'none'; img-src 'self' data: *.wp.com *.wp.org https://wordpress.com *.wordpress.com *.files.wordpress.com *.gravatar.com https://t.co https://www.google-analytics.com *.doubleclick.net https://analytics.twitter.com https://www.facebook.com https://alb.reddit.com https://*.google.com https://*.google.com.my https://*.google.co.uk https://*.google.de https://*.google.fr https://*.google.es https://*.google.it https://*.google.ca https://*.google.com.au https://*.google.co.jp https://*.google.com.br https://*.google.com.pk https://*.google.co.in https://*.google.com.mx https://*.google.nl https://*.google.co.id https://*.google.cd https://*.google.lu https://*.google.com.tr https://*.google.sm https://*.google.com.ng https://*.google.co.ma https://gravatar.com https://linkmaker.itunes.apple.com https://cdn.smooch.io https://bat.bing.com https://amplifypixel.outbrain.com https://hexagon-analytics.com https://img.youtube.com *.ads.linkedin.com https://ps.w.org https://ts.w.org https://s.w.org https://woocommerce.com localhost:8888 p.typekit.net https://q.quora.com; frame-src 'self' https://public-api.wordpress.com https://accounts.google.com/ https://www.googletagmanager.com https://jetpack.com *.doubleclick.net *.wordpress.com js.stripe.com *.stripe.com *.verygoodsecurity.com www.paypal.com *.paypal.com https://blackbox-api.wp.com; font-src 'self' *.wp.com https://fonts.gstatic.com use.typekit.net https://woocommerce.com surveys-static-prd.survicate-cdn.com https://cdn.smooch.io data:; media-src 'self'; connect-src 'self' https://*.wordpress.com/ wss://*.wordpress.com https://*.wp.com https://wordpress.com *.doubleclick.net https://api.wordpress.org https://pixel.wp.com https://*.google.com www.google-analytics.com https://region1.google-analytics.com https://www.googletagmanager.com https://www.facebook.com https://bat.bing.com https://px.ads.linkedin.com https://survey.survicate.com *.sentry.io *.reddit.com https://analytics.tiktok.com https://a.quora.com *.stripe.com api.stripe.com *.verygoodsecurity.com *.paypal.com *.zendesk.com wss://*.zendesk.com https://ekr.zdassets.com https://*.config.smooch.io; report-uri /cspreport
default-src
Keyword
—
'self'
script-src
Keyword
—
'self'
script-src
Keyword
—
'report-sample'
script-src
Nonce
—
'nonce-0f48d2c2532b85cbb6c556918c7c837b1c44c44e9d3e1921c1514af3ec6898d501294338ce2e44b291ac6498207bf236'
base-uri
Keyword
—
'none'
style-src
Keyword
—
'self'
style-src
Keyword
—
'unsafe-inline'
form-action
Keyword
—
'self'
object-src
Keyword
—
'none'
img-src
Keyword
—
'self'
img-src
Scheme
—
data:
img-src
Host
—
img-src
Host
—
img-src
Host
—
frame-src
Keyword
—
'self'
font-src
Keyword
—
'self'
font-src
Scheme
—
data:
media-src
Keyword
—
'self'
connect-src
Keyword
—
'self'
report-uri
Host
—