Open
Cached
·
just now
12
directives
Content-Security-Policy
Content-Security-Policy: child-src blob:; connect-src 'self' https: wss://ws.airbnb.com wss://ws.airbnb.cl https://netverify.com https://*.netverify.com wss: *.amap.com https://*.mapbox.com; default-src 'self' https: blob:; font-src 'self' data: https://*.muscache.com fonts.gstatic.com https://use.typekit.net https:; frame-src * https://*.cardinalcommerce.com; img-src 'self' https: data: https://*.mapbox.com blob:; media-src 'self' https: blob:; script-src 'self' 'unsafe-eval' https://a0.muscache.com https://cdn.siftscience.com https://ss.musthird.com https://t1.musthird.com https://bat.bing.com https://connect.facebook.net https://www.google-analytics.com https://www.googleadservices.com https://tpc.googlesyndication.com https://www.googletagmanager.com https://maps.googleapis.com https://ajax.googleapis.com https://*.g.doubleclick.net https://www.google.com https://www.gstatic.com https://smartlock.google.com https://accounts.google.com https://app.link https://cdn.branch.io https://api.branch.io https://bam.nr-data.net https://js-agent.newrelic.com https://ethn.io https://s.yimg.jp https://api.geetest.com https://monitor.geetest.com https://api.geevisit.com https://cdn.ampproject.org https://storage.googleapis.com/workbox-cdn/ https://tagmanager.google.com https://pay.google.com https://songbird.cardinalcommerce.com/ https://www.recaptcha.net https://www.gstatic.cn https://airbnb-api.arkoselabs.com https://h.online-metrix.net 'sha256-rAm9O8JPZLtQmd84zMDzhsG5q35JscESxxcaFL7+DDc=' 'sha256-vPvbF7mM9h+nViyD8PeacaGLf/01gc9mAlxGpxiPENs=' 'sha256-CZnW0hvLQpXhjRl/rvattFn8GcIhxi8fcsCstVugtsI=' 'sha256-9jboJcALeftUTV/MuGjkJB5HDvqsPbm7/gTjfpkHiYc=' 'sha256-r98Buo6FoBRWWqqTV3XUgtcozHN4uxdwUycMqlCrWgk=' 'sha256-dEQLydru3z2yuRGS/8VzaalU2wY48xuXdoO1zDPmT/A=' 'sha256-jhpHTyypc46kfr10/bvvFfjxyJNZcDvM0XsDAD5PJ2k=' 'sha256-sM4TCqADHMBZKYgE9fgtWACAry8C6tqaPljxMeTJ+w4=' https: 'sha256-5Tl1cMvpowm216MNWitZcm6dh1Ufik1QFyA6KadNiAY=' 'sha256-rvARxjbuUxilxb9RkOEv8RtqGIsmGYKyxv2IIH4MsrA=' 'sha256-hlaumtWL6YXbATpvURLyKaWUWs/apEDvcs19lYsGwsU=' 'sha256-WN2aiDPIBwBxhoVjMemOYgECjT6LzuFTAdA/DMR7T3A=' 'sha256-QrtzfXzemhvC/0Mz4p5MTgyHZ11cOMx/iKBQ2QfQoYU=' 'sha256-hVPsqt8jazJS/0O76JubiA90S0KG9ImECF/df+CNljI=' 'sha256-RAgBnM0wf+EU6GLC4DAwrlPlxaWbSFOv9fEZHb22Zqc=' 'sha256-q7LfTX8CemAjvalJEQZ5S+i7nuNEVbFaU6xkHvEAOeQ=' 'sha256-Hn02be8UsaO1J728ZDxGZlZGXBd85lEw3JklFYpfGPQ=' 'sha256-69KvOim8N1PE+6rP6TRe0P6GgFBZdTuNV9Lrr9y8KMc=' 'sha256-AcTLk9SPBTCpOP4TyHDG+Id7/GS/5o3fNLVi6oMU5NM=' https://netverify.com https://*.netverify.com https://icm.aexp-static.com https://qicm.americanexpress.com https://qwww435.americanexpress.com https://checkout.americanexpress.com https://www.paypalobjects.com https://c.paypal.com https://www.paypal.com https://*.klarnacdn.net blob: https://vdata.amap.com https://webapi.amap.com https://restapi.amap.com https://*.mapbox.com https://cardinaltrusted.com https://songbird.cardinalcommerce.com https://songbirdstag.cardinalcommerce.com https://includes.ccdc02.com https://includestest.ccdc02.com https://client-api.arkoselabs.com https://cdn.plaid.com/link/v2/stable/link-initialize.js https://js.stripe.com https://appleid.cdn-apple.com/appleauth/static/jsapi/appleid/1/en_US/appleid.auth.js https://pagead2.googlesyndication.com; style-src 'self' https: 'unsafe-inline' https://*.mapbox.com; worker-src 'self' https: blob:; report-uri /tracking/csp?controller=core-guest-loop&action=%2F&req_uuid=31ea1836-c423-4745-1d57-aa25ff95daa7&version=sha%3D5f6d4824aba3&report_only=false; report-to /tracking/csp?controller=core-guest-loop&action=%2F&req_uuid=31ea1836-c423-4745-1d57-aa25ff95daa7&version=sha%3D5f6d4824aba3&report_only=false
child-src
Scheme
—
blob:
connect-src
Keyword
—
'self'
connect-src
Scheme
—
https:
connect-src
Scheme
—
wss:
default-src
Keyword
—
'self'
default-src
Scheme
—
https:
default-src
Scheme
—
blob:
font-src
Keyword
—
'self'
font-src
Scheme
—
data:
font-src
Host
—
font-src
Scheme
—
https:
frame-src
Host
—
*
img-src
Keyword
—
'self'
img-src
Scheme
—
https:
img-src
Scheme
—
data:
img-src
Scheme
—
blob:
media-src
Keyword
—
'self'
media-src
Scheme
—
https:
media-src
Scheme
—
blob:
script-src
Keyword
—
'self'
script-src
Keyword
—
'unsafe-eval'
script-src
Host
—
script-src
Host
—
script-src
Host
—
script-src
Hash
—
'sha256-rAm9O8JPZLtQmd84zMDzhsG5q35JscESxxcaFL7+DDc='
script-src
Hash
—
'sha256-vPvbF7mM9h+nViyD8PeacaGLf/01gc9mAlxGpxiPENs='
script-src
Hash
—
'sha256-CZnW0hvLQpXhjRl/rvattFn8GcIhxi8fcsCstVugtsI='
script-src
Hash
—
'sha256-9jboJcALeftUTV/MuGjkJB5HDvqsPbm7/gTjfpkHiYc='
script-src
Hash
—
'sha256-r98Buo6FoBRWWqqTV3XUgtcozHN4uxdwUycMqlCrWgk='
script-src
Hash
—
'sha256-dEQLydru3z2yuRGS/8VzaalU2wY48xuXdoO1zDPmT/A='
script-src
Hash
—
'sha256-jhpHTyypc46kfr10/bvvFfjxyJNZcDvM0XsDAD5PJ2k='
script-src
Hash
—
'sha256-sM4TCqADHMBZKYgE9fgtWACAry8C6tqaPljxMeTJ+w4='
script-src
Scheme
—
https:
script-src
Hash
—
'sha256-5Tl1cMvpowm216MNWitZcm6dh1Ufik1QFyA6KadNiAY='
script-src
Hash
—
'sha256-rvARxjbuUxilxb9RkOEv8RtqGIsmGYKyxv2IIH4MsrA='
script-src
Hash
—
'sha256-hlaumtWL6YXbATpvURLyKaWUWs/apEDvcs19lYsGwsU='
script-src
Hash
—
'sha256-WN2aiDPIBwBxhoVjMemOYgECjT6LzuFTAdA/DMR7T3A='
script-src
Hash
—
'sha256-QrtzfXzemhvC/0Mz4p5MTgyHZ11cOMx/iKBQ2QfQoYU='
script-src
Hash
—
'sha256-hVPsqt8jazJS/0O76JubiA90S0KG9ImECF/df+CNljI='
script-src
Hash
—
'sha256-RAgBnM0wf+EU6GLC4DAwrlPlxaWbSFOv9fEZHb22Zqc='
script-src
Hash
—
'sha256-q7LfTX8CemAjvalJEQZ5S+i7nuNEVbFaU6xkHvEAOeQ='
script-src
Hash
—
'sha256-Hn02be8UsaO1J728ZDxGZlZGXBd85lEw3JklFYpfGPQ='
script-src
Hash
—
'sha256-69KvOim8N1PE+6rP6TRe0P6GgFBZdTuNV9Lrr9y8KMc='
script-src
Hash
—
'sha256-AcTLk9SPBTCpOP4TyHDG+Id7/GS/5o3fNLVi6oMU5NM='
script-src
Host
—
script-src
Scheme
—
blob:
script-src
Host
—
script-src
Host
—
script-src
Host
—
style-src
Keyword
—
'self'
style-src
Scheme
—
https:
style-src
Keyword
—
'unsafe-inline'
worker-src
Keyword
—
'self'
worker-src
Scheme
—
https:
worker-src
Scheme
—
blob:
Content-Security-Policy-Report-Only
No report-only CSP headers found.