Open
Cached
·
just now
9
directives
Content-Security-Policy
Content-Security-Policy: base-uri 'self'; script-src 'self' 'unsafe-eval' 'strict-dynamic' *.bunq.com *.bunq.net *.bunq.me *.bunq.to *.bunq.ph *.tricount.com *.splitcost.org *.adyen.com *.fontawesome.com *.google-analytics.com *.googleapis.com *.hcaptcha.com wss://*.vonage.com *.vonage.com wss://*.incode.com wss://*.tokbox.com *.incodesmile.com *.opentok.com *.tokbox.com *.recaptcha.net *.snapchat.com *.thisgreencolumn.com analytics.tiktok.com cdn.i18nexus.com api.i18nexus.com api.ipify.org api.onfido.com wss://*.onfido.com app.adjust.com app.adjust.net.in app.adjust.world cdn.checkout.com d3vv997wtl2myz.cloudfront.net featureassets.org prodregistryv2.org www.googletagmanager.com www.signupbunq.com analytics-ipv6.tiktokw.us apps.rokt-api.com bunq-triage-model-storage.s3.eu-central-1.amazonaws.com bunq-prod-model-storage.s3.eu-central-1.amazonaws.com bunq-triage-model-storage-public.s3.eu-central-1.amazonaws.com bunq-prod-model-storage-public.s3.eu-central-1.amazonaws.com 'nonce-ggDt8kL78+eO5CnnUGjV9TUb+c3NBZX0m0XmycrErAQ='; connect-src 'self' data: 'strict-dynamic' *.bunq.com *.bunq.net *.bunq.me *.bunq.to *.bunq.ph *.tricount.com *.splitcost.org *.adyen.com *.fontawesome.com *.google-analytics.com *.googleapis.com *.hcaptcha.com wss://*.vonage.com *.vonage.com wss://*.incode.com wss://*.tokbox.com *.incodesmile.com *.opentok.com *.tokbox.com *.recaptcha.net *.snapchat.com *.thisgreencolumn.com analytics.tiktok.com cdn.i18nexus.com api.i18nexus.com api.ipify.org api.onfido.com wss://*.onfido.com app.adjust.com app.adjust.net.in app.adjust.world cdn.checkout.com d3vv997wtl2myz.cloudfront.net featureassets.org prodregistryv2.org www.googletagmanager.com www.signupbunq.com analytics-ipv6.tiktokw.us apps.rokt-api.com bunq-triage-model-storage.s3.eu-central-1.amazonaws.com bunq-prod-model-storage.s3.eu-central-1.amazonaws.com bunq-triage-model-storage-public.s3.eu-central-1.amazonaws.com bunq-prod-model-storage-public.s3.eu-central-1.amazonaws.com 'nonce-ggDt8kL78+eO5CnnUGjV9TUb+c3NBZX0m0XmycrErAQ='; object-src 'none'; frame-src 'self' *.bunq.com *.bunq.net *.bunq.me *.bunq.to *.bunq.ph *.tricount.com *.splitcost.org *.adyen.com *.google.com *.hcaptcha.com *.recaptcha.net *.snapchat.com *.thisgreencolumn.com cdn.checkout.com 'nonce-ggDt8kL78+eO5CnnUGjV9TUb+c3NBZX0m0XmycrErAQ='; frame-ancestors 'self' *.bunq.com *.bunq.net *.bunq.me *.bunq.to *.bunq.ph *.tricount.com *.splitcost.org; worker-src 'self' 'strict-dynamic' blob: 'nonce-ggDt8kL78+eO5CnnUGjV9TUb+c3NBZX0m0XmycrErAQ='; report-uri https://sentry.bunq.com/api/62/security/?sentry_key=07e8a07906fa4cf897f40df56e222c77; report-to csp-endpoint;
base-uri
Keyword
—
'self'
script-src
Keyword
—
'self'
script-src
Keyword
—
'unsafe-eval'
script-src
Keyword
—
'strict-dynamic'
script-src
Host
—
script-src
Host
—
script-src
Host
—
script-src
Host
—
script-src
Nonce
—
'nonce-ggDt8kL78+eO5CnnUGjV9TUb+c3NBZX0m0XmycrErAQ='
connect-src
Keyword
—
'self'
connect-src
Scheme
—
data:
connect-src
Keyword
—
'strict-dynamic'
connect-src
Host
—
connect-src
Host
—
connect-src
Host
—
connect-src
Host
—
connect-src
Nonce
—
'nonce-ggDt8kL78+eO5CnnUGjV9TUb+c3NBZX0m0XmycrErAQ='
object-src
Keyword
—
'none'
frame-src
Keyword
—
'self'
frame-src
Host
—
frame-src
Host
—
frame-src
Host
—
frame-src
Nonce
—
'nonce-ggDt8kL78+eO5CnnUGjV9TUb+c3NBZX0m0XmycrErAQ='
frame-ancestors
Keyword
—
'self'
frame-ancestors
Host
—
frame-ancestors
Host
—
worker-src
Keyword
—
'self'
worker-src
Keyword
—
'strict-dynamic'
worker-src
Scheme
—
blob:
worker-src
Nonce
—
'nonce-ggDt8kL78+eO5CnnUGjV9TUb+c3NBZX0m0XmycrErAQ='
report-to
Host
—
Content-Security-Policy-Report-Only
No report-only CSP headers found.