Open
Cached
·
just now
14
directives
Content-Security-Policy
Content-Security-Policy: base-uri 'self'; default-src 'self' *.atlassian.com *.intercomcdn.com *.orangelogic.com *.6sc.co *.6sense.com sourcetreeapp.com *.sourcetreeapp.com bitbucket.org *.bitbucket.org; script-src 'self' *.gstatic.com *.cookielaw.org *.public.atl-paas.net *.prod.atl-paas.net *.googletagmanager.com *.marketo.net *.marketo.com *.atlassian.com utt.impactcdn.com *.google.com *.doubleclick.com *.googleadservices.com *.livechatinc.com *.bing.com *.quora.com *.yimg.jp *.clicktale.net *.linkedin.com *.twitter.com *.licdn.com *.demandbase.com *.doubleclick.net *.facebook.net *.redditstatic.com *.clearbitscripts.com *.clarity.ms *.vimeo.com *.google-analytics.com facebook.com *.facebook.com impactcdn.com *.impactcdn.com clearbitjs.com *.clearbitjs.com yahoo.co.jp *.yahoo.co.jp *.recaptcha.net *.ads-twitter.com *.intercom.io *.intercomcdn.com *.jsdelivr.net *.6sc.co *.6sense.com *.techtarget.com *.capterra.com sourcetreeapp.com *.sourcetreeapp.com bitbucket.org *.bitbucket.org roundprincethere.com *.roundprincethere.com bzrcdn.openai.com 'unsafe-eval' 'unsafe-inline'; style-src 'self' *.public.atl-paas.net *.prod.atl-paas.net fonts.googleapis.com *.googletagmanager.com sourcetreeapp.com *.sourcetreeapp.com bitbucket.org *.bitbucket.org 'unsafe-inline'; img-src 'self' blob: data: atlassian.com *.atlassian.com *.cookielaw.org *.gravatar.com *.wp.com fd-assets.prod.atl-paas.net pixel.pointmediatracker.com *.prod.public.atl-paas.net cnv.event.prod.bidr.io *.doubleclick.net *.clicktale.net *.bing.com rlcdn.com reddit.com quora.com *.rlcdn.com *.reddit.com *.quora.com *.ctfassets.net *.linkedin.com *.google.com *.google.com.au *.company-target.com *.facebook.com *.google-analytics.com *.twitter.com t.co *.intercomcdn.com *.intercomassets.com *.frontend.public.atl-paas.net *.orangelogic.com *.googletagmanager.com img.logo.dev *.atlassian.net sourcetreeapp.com *.sourcetreeapp.com bitbucket.org *.bitbucket.org bytebucket.org *.bytebucket.org bitbucket-assetroot.s3.amazonaws.com b.6sc.co obs.roundprincethere.com; font-src 'self' *.ctfassets.net *.intercomcdn.com *.gstatic.com *.frontend.public.atl-paas.net *.atl.orangelogic.com; frame-ancestors 'none'; form-action 'self' pages.eml.atlassian.com app-ab35.marketo.com *.marketo.com *.mktoresp.com *.facebook.com; report-uri https://web-security-reports.services.atlassian.com/csp-report/wac-web; report-to csp-default-endpoint; connect-src 'self' ws: atlassian.com *.atlassian.com *.cookielaw.org *.onetrust.com *.public.atl-paas.net *.prod.atl-paas.net *.mktoresp.com *.marketo.com *.ingest.sentry.io *.workato.com atlassian.sjv.io statsigapi.net *.statsigapi.net *.contentful.com atlassian.net *.clicktale.net *.contentsquare.net *.bing.com google-analytics.com company-target.com linkedin.com *.google-analytics.com *.company-target.com *.linkedin.com *.doubleclick.net *.reddit.com *.redditstatic.com *.google.com *.demandbase.com *.clarity.ms *.clearbit.com *.intercom.io *.algolianet.com *.algolia.net *.algolia.io *.recaptcha.net https://unpkg.com/@rive-app/ *.facebook.com *.orangelogic.com *.adnxs.com *.6sc.co *.6sense.com m.castle.io apis.auxia.io *.atlassian.net https://participant.connect.us-east-1.amazonaws.com wss://participant.connect.us-east-1.amazonaws.com *.connect.us-east-1.amazonaws.com sourcetreeapp.com *.sourcetreeapp.com bitbucket.org *.bitbucket.org obs.roundprincethere.com ibc-flow.techtarget.com; worker-src 'self' blob:; frame-src 'self' *.youtube.com *.google.com *.doubleclick.net *.recaptcha.net *.atl-paas.net pages.eml.atlassian.com app-ab35.marketo.com *.marketo.com *.mktoresp.com *.company-target.com *.googletagmanager.com *.atlassian.net *.facebook.com; media-src 'self' *.ctfassets.net *.atlassian.com *.orangelogic.com
base-uri
Keyword
—
'self'
default-src
Keyword
—
'self'
script-src
Keyword
—
'self'
script-src
Host
—
script-src
Host
—
script-src
Host
—
script-src
Host
—
script-src
Host
—
script-src
Keyword
—
'unsafe-eval'
script-src
Keyword
—
'unsafe-inline'
style-src
Keyword
—
'self'
style-src
Host
—
style-src
Keyword
—
'unsafe-inline'
img-src
Keyword
—
'self'
img-src
Scheme
—
blob:
img-src
Scheme
—
data:
img-src
Host
—
font-src
Keyword
—
'self'
font-src
Host
—
frame-ancestors
Keyword
—
'none'
form-action
Keyword
—
'self'
report-to
Host
—
connect-src
Keyword
—
'self'
connect-src
Scheme
—
ws:
connect-src
Host
—
worker-src
Keyword
—
'self'
worker-src
Scheme
—
blob:
frame-src
Keyword
—
'self'
media-src
Keyword
—
'self'
Content-Security-Policy-Report-Only
No report-only CSP headers found.