Open
Cached
·
just now
11
directives
Content-Security-Policy
Content-Security-Policy: connect-src 'self' *.kroo.com rum.browser-intake-datadoghq.eu *.google-analytics.com *.g.doubleclick.net *.analytics.google.com *.trustpilot.com *.googletagmanager.com us-central1-adaptive-growth.cloudfunctions.net/pdst-events-prod-sink pagead2.googlesyndication.com *.hotjar.io wss://ws.hotjar.com *.google.com *.onfido.com sdk.onfido.com wss://sync.onfido.com solve-widget.forethought.ai/embed.js.map web-api.kroo.com; default-src 'self'; font-src 'self' https://fonts.googleapis.com/css https://fonts.gstatic.com; frame-src solve-widget.forethought.ai/ *.trustpilot.com td.doubleclick.net player.vimeo.com *.googletagmanager.com *.onfido.com *.youtube.com; img-src 'self' https: data:; object-src 'none'; script-src-elem 'self' 'unsafe-inline' solve-widget.forethought.ai/embed.js *.trustpilot.com *.googletagmanager.com *.hotjar.com connect.facebook.net cdn.pdst.fm/ping.min.js *.google-analytics.com/analytics.js *.googleoptimize.com/optimize.js googleads.g.doubleclick.net *.googleadservices.com pagead2.googlesyndication.com/* fonts.googleapis.com *.onfido.com sdk.onfido.com; style-src 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' fonts.googleapis.com/icon fonts.googleapis.com/css *.googletagmanager.com fonts.googleapis.com sdk.onfido.com; form-action 'self'; frame-ancestors *.kroo.com
connect-src
Keyword
—
'self'
default-src
Keyword
—
'self'
font-src
Keyword
—
'self'
img-src
Keyword
—
'self'
img-src
Scheme
—
https:
img-src
Scheme
—
data:
object-src
Keyword
—
'none'
script-src-elem
Keyword
—
'self'
script-src-elem
Keyword
—
'unsafe-inline'
style-src
Keyword
—
'self'
style-src
Keyword
—
'unsafe-inline'
style-src-elem
Keyword
—
'self'
style-src-elem
Keyword
—
'unsafe-inline'
form-action
Keyword
—
'self'
Content-Security-Policy-Report-Only
No report-only CSP headers found.