Open
Cached
·
13h ago
3
directives
Content-Security-Policy
Content-Security-Policy: default-src 'self' 'unsafe-inline' 'unsafe-eval' data: global.ketchcdn.com cdn.ketchjs.com *.coveo.com *.cloudflare.com *.cookielaw.org *.onetrust.com *.typekit.net *.googletagmanager.com *.google-analytics.com *.googleapis.com vimeo.com *.vimeo.com *.vimeocdn.com *.gstatic.com code.jquery.com *.doubleclick.net *.youtube.com *.google.com datawrapper.dwcdn.net *.cloudflare.com *.passle.net cdn.iframe.ly passle-net.s3.amazonaws.com; upgrade-insecure-requests; block-all-mixed-content;
default-src
Keyword
—
'self'
default-src
Keyword
—
'unsafe-inline'
default-src
Keyword
—
'unsafe-eval'
default-src
Scheme
—
data:
upgrade-insecure-requests
Source
—
(no sources)
block-all-mixed-content
Source
—
(no sources)
Content-Security-Policy-Report-Only
No report-only CSP headers found.