Open
Cached
·
just now
16
directives
Content-Security-Policy
Content-Security-Policy: base-uri 'self'; child-src https://www.dropbox.com/static/serviceworker/ blob:; connect-src https://* ws://127.0.0.1:*/ws blob: wss://dsimports.dropbox.com/; default-src 'none'; font-src 'self' data: https://*; form-action 'self' https://www.dropbox.com/ https://dl-web.dropbox.com/ https://photos.dropbox.com/ https://paper.dropbox.com/ https://showcase.dropbox.com/ https://www.hellofax.com/ https://app.hellofax.com/ https://www.hellosign.com/ https://app.hellosign.com/ https://docsend.com/ https://www.docsend.com/ https://help.dropbox.com/ https://navi.dropbox.jp/ https://a.sprig.com/ https://selfguidedlearning.dropboxbusiness.com/ https://instructorledlearning.dropboxbusiness.com/ https://sales.dropboxbusiness.com/ https://accounts.google.com/ https://api.login.yahoo.com/ https://login.yahoo.com/ https://experience.dropbox.com/ https://pal-test.adyen.com https://2e83413d8036243b-Dropbox-pal-live.adyenpayments.com/ https://onedrive.live.com/picker; frame-ancestors 'self'; frame-src https://* dbapi-6: dbapi-7: dbapi-8: dropbox-client: itms-apps: itms-appss: blob:; img-src https://* data: blob:; media-src https://* blob:; object-src 'self' https://cfl.dropboxstatic.com/static/ https://www.dropboxstatic.com/static/ https://edge-live.dropboxstatic.com/static/; report-to csp-metaserver-whitelist; report-uri https://www.dropbox.com/csp_log?policy_name=metaserver-whitelist; script-src 'unsafe-eval' 'inline-speculation-rules' https://www.dropbox.com/static/api/ https://www.dropbox.com/pithos/ https://cfl.dropboxstatic.com/static/ https://www.dropboxstatic.com/static/ https://edge-live.dropboxstatic.com/static/ https://accounts.google.com/gsi/client https://www.paypal.com/sdk/js https://applepay.cdn-apple.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ 'unsafe-inline'; style-src https://* 'unsafe-inline' 'unsafe-eval'; worker-src https://www.dropbox.com/static/serviceworker/ https://www.dropbox.com/encrypted_folder_download/service_worker.js https://www.dropbox.com/service_worker.js blob:
base-uri
Keyword
—
'self'
child-src
Scheme
—
blob:
connect-src
Host
—
https://*
connect-src
Host
—
connect-src
Scheme
—
blob:
default-src
Keyword
—
'none'
font-src
Keyword
—
'self'
font-src
Scheme
—
data:
font-src
Host
—
https://*
form-action
Keyword
—
'self'
frame-ancestors
Keyword
—
'self'
frame-src
Host
—
https://*
frame-src
Scheme
—
dbapi-6:
frame-src
Scheme
—
dbapi-7:
frame-src
Scheme
—
dbapi-8:
frame-src
Scheme
—
dropbox-client:
frame-src
Scheme
—
itms-apps:
frame-src
Scheme
—
itms-appss:
frame-src
Scheme
—
blob:
img-src
Host
—
https://*
img-src
Scheme
—
data:
img-src
Scheme
—
blob:
media-src
Host
—
https://*
media-src
Scheme
—
blob:
object-src
Keyword
—
'self'
report-to
Host
—
script-src
Keyword
—
'unsafe-eval'
script-src
Keyword
—
'inline-speculation-rules'
script-src
Keyword
—
'unsafe-inline'
style-src
Host
—
https://*
style-src
Keyword
—
'unsafe-inline'
style-src
Keyword
—
'unsafe-eval'
worker-src
Scheme
—
blob:
Content-Security-Policy-Report-Only
No report-only CSP headers found.