Open
Cached
·
just now
7
directives
Content-Security-Policy
Content-Security-Policy: object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googletagmanager.com https://www.navistechnologies.com https://www.google-analytics.com https://googleads.g.doubleclick.net https://connect.facebook.net https://bat.bing.com https://cdn.pagesense.io https://twi.revinate.com *.sojern.com *.cookielaw.org https://analytics.google.com https://storage.googleapis.com/embed-script.letsway.com/v1-latest/main.js *.kouto.co *.stripe.com *.imagekit.io *.googleapis.com https://api.letsway.com/ https://js.stripe.com/ https://api.cartstack.com https://integration.flip.to https://cdn.flip.to https://api.mapbox.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://truetour.app https://unpkg.com; style-src 'self' 'unsafe-inline' https://www.thenewburyboston.com https://cloud.typography.com https://fonts.googleapis.com https://api.mapbox.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com; style-src-attr 'self' 'unsafe-inline'; frame-ancestors 'self' https://thenewburyboston.hotelwifi.com https://app.thenewburyboston.com https://app.thenewburyboston.com:8443; report-uri https://www.thenewburyboston.com/system/reporting/default; report-to default
object-src
Keyword
—
'none'
script-src
Keyword
—
'self'
script-src
Keyword
—
'unsafe-inline'
script-src
Keyword
—
'unsafe-eval'
style-src
Keyword
—
'self'
style-src
Keyword
—
'unsafe-inline'
style-src-attr
Keyword
—
'self'
style-src-attr
Keyword
—
'unsafe-inline'
frame-ancestors
Keyword
—
'self'
frame-ancestors
Host
—
report-to
Host
—
Content-Security-Policy-Report-Only
No report-only CSP headers found.