Open
Cached
·
just now
14
directives
Content-Security-Policy
Content-Security-Policy: default-src blob: 'self' https://*.fbsbx.com *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'nonce-hNBvLFj1' blob: 'self' connect.facebook.net 'unsafe-eval' https://*.google-analytics.com *.google.com;style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline' https://fonts.googleapis.com;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com *.instagram.com https://*.google-analytics.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com https://fonts.gstatic.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net connect.facebook.net blob: android-webview-video-poster: *.whatsapp.net *.fb.com *.oculuscdn.com *.tenor.co *.tenor.com *.giphy.com https://trustly.one/ https://*.trustly.one/ https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://*.google-analytics.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data: *.tenor.co *.tenor.com https://*.giphy.com;child-src data: blob: 'self' https://*.fbsbx.com *.facebook.com *.fbcdn.net;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net accounts.meta.com *.accounts.meta.com https://trustly.one/ https://*.trustly.one/ https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://td.doubleclick.net *.google.com *.doubleclick.net;manifest-src data: blob: 'self' https://*.fbsbx.com *.facebook.com *.fbcdn.net;object-src data: blob: 'self' https://*.fbsbx.com *.facebook.com *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
default-src
Scheme
—
blob:
default-src
Keyword
—
'self'
script-src
Host
—
script-src
Nonce
—
'nonce-hNBvLFj1'
script-src
Scheme
—
blob:
script-src
Keyword
—
'self'
script-src
Keyword
—
'unsafe-eval'
style-src
Scheme
—
data:
style-src
Keyword
—
'unsafe-inline'
connect-src
Host
—
connect-src
Scheme
—
blob:
connect-src
Keyword
—
'self'
connect-src
Host
—
font-src
Scheme
—
data:
img-src
Scheme
—
data:
img-src
Scheme
—
blob:
img-src
Scheme
—
android-webview-video-poster:
img-src
Host
—
media-src
Scheme
—
blob:
media-src
Scheme
—
data:
child-src
Scheme
—
data:
child-src
Scheme
—
blob:
child-src
Keyword
—
'self'
frame-src
Scheme
—
data:
manifest-src
Scheme
—
data:
manifest-src
Scheme
—
blob:
manifest-src
Keyword
—
'self'
object-src
Scheme
—
data:
object-src
Scheme
—
blob:
object-src
Keyword
—
'self'
worker-src
Scheme
—
blob:
worker-src
Scheme
—
data:
block-all-mixed-content
Source
—
(no sources)
upgrade-insecure-requests
Source
—
(no sources)
Content-Security-Policy-Report-Only
No report-only CSP headers found.