Open
Cached
·
just now
6
directives
Content-Security-Policy
Content-Security-Policy: frame-src 'self' *.google.com *.google.be *.google.nl *.google.co.uk *.google.co.il *.google.com.ua *.gstatic.com *.scrmtech.com *.quora.com *.consensu.org *.sharethis.com *.doubleclick.net *.greenhouse.io *.payoneer.com *.trustpilot.com *.oraclecloud.com *.driftt.com *.ubembed.com *.youtube.com *.github.io *.userway.org v.qq.com *.adpartner.pro *.facebook.com *.chilipiper.com *.teamme.io *.adsrvr.org *.googlesyndication.com ssgtm-sbyzlt5hyq-ey.a.run.app *.optimizely.com *.googletagmanager.com *.adform.net payoneer.kinsta.cloud klentycal.com kl-website-tracking.s3.us-west-2.amazonaws.com cdn.klenty.com sgtm.payoneer.com sgtm.payoneer.com.cn *.div.show baiduboxapp: *.ziniao.block.j3e6di0o036cpreg88f2165z.com ziniao.block.j3e6di0o036cpreg88f2165z.com *.cloudfront.net *.b54b2699s971bp4335b9b00s735906bd4c7f; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' *.googletagmanager.com *.cookielaw.org *.convertexperiments.com *.marketo.net *.googleadservices.com *.bing.com bat.bing.com *.licdn.com *.facebook.net *.taboola.com *.yimg.jp *.yahoo.co.jp *.doubleclick.net *.sharethis.com *.consensu.org *.onetrust.com *.onetrust.io *.greenhouse.io *.payoneer.com *.mouseflow.com *.salesloft.com *.trendemon.com *.trustpilot.com *.ubembed.com *.google.com *.google.be *.google.nl *.google.co.uk *.google.co.il *.gstatic.com *.dynatrace.com *.oraclecloud.com *.baidu.com *.driftt.com *.youtube.com *.daumcdn.net unpkg.com *.yandex.ru *.cloudflare.com *.strattic.com *.6sc.co *.jsdelivr.net *.bootstrapcdn.com *.twitter.com *.ads-twitter.com *.highcharts.com *.github.io *.qualtrics.com *.microsoft.com *.userway.org *.tiktok.com *.googleoptimize.com accessibilityserver.org *.adnxs.com *.pdst.fm *.fullstory.com *.redditstatic.com *.cheqzone.com *.clarity.ms *.line-scdn.net redditstatic.s3.amazonaws.com wcs.naver.net *.googlesyndication.com *.google-analytics.com *.adpartner.pro *.line-cdn.net *.chilipiper.com *.teamme.io *.quora.com *.adsrvr.org *.amplitude.com server-side-tagging-sbyzlt5hyq-uc.a.run.app *.trackjs.com ssgtm-sbyzlt5hyq-ey.a.run.app *.optimizely.com optimizely.s3.amazonaws.com *.adform.net sdk.teamme.link js.hsforms.net app.beschannels.com js.hs-scripts.com kl-website-tracking.s3.us-west-2.amazonaws.com cdn.klenty.com work.codejudge.io hsforms.com storage.googleapis.com/skuad-public-assets/ geoapify.com s3-us-west-2.amazonaws.com *.hs-analytics.net *.hsadspixel.net *.hs-banner.com *.hs-scripts.com adform.net sgtm.payoneer.com sgtm.payoneer.com.cn *.amazon-adsystem.com *.factors.ai *.partnerstack.com *.personsync.com; connect-src 'self' data: blob: https:; img-src 'self' data: blob: https:; report-to default; report-uri https://payoneer.report-uri.com/r/d/csp/enforce
frame-src
Keyword
—
'self'
frame-src
Host
—
frame-src
Host
—
frame-src
Scheme
—
baiduboxapp:
frame-src
Host
—
frame-src
Host
—
frame-src
Host
—
script-src
Keyword
—
'self'
script-src
Scheme
—
data:
script-src
Keyword
—
'unsafe-inline'
script-src
Keyword
—
'unsafe-eval'
script-src
Host
—
script-src
Host
—
script-src
Host
—
script-src
Host
—
script-src
Host
—
script-src
Host
—
script-src
Host
—
script-src
Host
—
connect-src
Keyword
—
'self'
connect-src
Scheme
—
data:
connect-src
Scheme
—
blob:
connect-src
Scheme
—
https:
img-src
Keyword
—
'self'
img-src
Scheme
—
data:
img-src
Scheme
—
blob:
img-src
Scheme
—
https:
report-to
Host
—
Content-Security-Policy-Report-Only
No report-only CSP headers found.