[{"id":"69d954825691d6dd6dd99e69","ts":"2026-04-10T19:50:26.702Z","ProjectID":"000000000000000000000000","PolicyID":"000000000000000000000000","isURL":true,"URL":"https://social-archive.state.gov","isHidden":false,"parsedPolicy":{"policy":"default-src 'self'; script-src 'self' 'unsafe-inline' https://www.googletagmanager.com https://www.google-analytics.com; connect-src 'self' https://state.okta.com https://*.s3.amazonaws.com https://www.google-analytics.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com; font-src https://fonts.gstatic.com; frame-ancestors 'none'; frame-src https://state.okta.com https://www.googletagmanager.com; img-src 'self' data: blob: https://www.google-analytics.com https://www.googletagmanager.com; media-src 'self' blob:; style-src-elem 'self' https://fonts.googleapis.com; worker-src 'self' blob:;","directives":{"connect-src":["'self'","https://*.analytics.google.com","https://*.google-analytics.com","https://*.googletagmanager.com","https://*.s3.amazonaws.com","https://state.okta.com","https://www.google-analytics.com"],"default-src":["'self'"],"font-src":["https://fonts.gstatic.com"],"frame-ancestors":["'none'"],"frame-src":["https://state.okta.com","https://www.googletagmanager.com"],"img-src":["'self'","blob:","data:","https://www.google-analytics.com","https://www.googletagmanager.com"],"media-src":["'self'","blob:"],"script-src":["'self'","'unsafe-inline'","https://www.google-analytics.com","https://www.googletagmanager.com"],"style-src-elem":["'self'","https://fonts.googleapis.com"],"worker-src":["'self'","blob:"]},"directiveOrder":["default-src","script-src","connect-src","font-src","frame-ancestors","frame-src","img-src","media-src","style-src-elem","worker-src"],"disposition":"enforce","delivery":"header","sourceMapping":{"'none'":"keyword-source","'self'":"keyword-source","'unsafe-inline'":"keyword-source","blob:":"scheme-source","data:":"scheme-source","https://*.analytics.google.com":"host-source","https://*.google-analytics.com":"host-source","https://*.googletagmanager.com":"host-source","https://*.s3.amazonaws.com":"host-source","https://fonts.googleapis.com":"host-source","https://fonts.gstatic.com":"host-source","https://state.okta.com":"host-source","https://www.google-analytics.com":"host-source","https://www.googletagmanager.com":"host-source"}},"disposition":"enforce","source":"header","policies":["default-src 'self'; script-src 'self' 'unsafe-inline' https://www.google-analytics.com https://www.googletagmanager.com; style-src-elem 'self' https://fonts.googleapis.com; connect-src 'self' https://*.analytics.google.com https://*.google-analytics.com https://*.googletagmanager.com https://*.s3.amazonaws.com https://state.okta.com https://www.google-analytics.com; font-src https://fonts.gstatic.com; frame-ancestors 'none'; frame-src https://state.okta.com https://www.googletagmanager.com; img-src 'self' blob: data: https://www.google-analytics.com https://www.googletagmanager.com; media-src 'self' blob:; worker-src 'self' blob:;"],"stats":{"totalHigh":1,"totalMedium":5,"totalLow":3,"totalInfo":0},"recommendations":[{"title":"Usage of unsafe-inline on script-src","severity":"HIGH","directive":"script-src","source":"'unsafe-inline'","message":"The usage of 'unsafe-inline' negates the primary CSP protection against XSS.","recommendation":"Remove 'unsafe-inline'. This will probably require a refactoring of code.","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Missing object-src (with non-restrictive default-src)","severity":"MEDIUM","directive":"object-src","source":"","message":"object-src is a sensitive directive that may allow XSS (or similar) if missing.","recommendation":"Set object-src to 'none' or the bare minimum necessary.","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Missing base-uri","severity":"MEDIUM","directive":"base-uri","source":"","message":"If an attacker is able to inject into the \u003chead\u003e of the document, they can spoof a different base-uri resulting in an XSS.","recommendation":"Set base-uri to 'self' or 'none' if possible. base-uri does not fall back to default-src.","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Missing path on source for sensitive directive","severity":"MEDIUM","directive":"script-src","source":"https://www.google-analytics.com","message":"For sensitive directives, it's best to explicitly define the resource (including the path). This will help minimize attacks such as JSONP, redirects and other CSP bypasses.","recommendation":"For sensitive resources, explicitly define the full paths.","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Missing path on source for sensitive directive","severity":"MEDIUM","directive":"script-src","source":"https://www.googletagmanager.com","message":"For sensitive directives, it's best to explicitly define the resource (including the path). This will help minimize attacks such as JSONP, redirects and other CSP bypasses.","recommendation":"For sensitive resources, explicitly define the full paths.","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Missing reporting endpoint","severity":"MEDIUM","directive":"report-uri","source":"","message":"Reporting endpoints give website owners into when and where their CSP policy isn't working correctly.","recommendation":"Start using a reporting endpoint to capture and analyze your CSP violations. https://csper.io is a reporting endpoint.","docs":"https://csper.io/docs/report-uri","docsTitle":"report-uri"},{"title":"Missing form-action","severity":"LOW","directive":"form-action","source":"","message":"There's no defiend form-action. Sometimes form-action abuse can be used to smuggle tokens and other sensitive information out of a page.","recommendation":"Set form-action to 'none' or 'self', or the the most restrictive possible.","docs":"https://csper.io/docs/directives","docsTitle":"directives"},{"title":"Missing 'report-sample'","severity":"LOW","directive":"script-src","source":"report-sample","message":"'report-sample' is a keyword that instructs the browser to include the first 40 characters of the violating inline resource in the report-uri violation report. This can greatly help debug which resources are causing a violation.","recommendation":"Consider adding 'report-sample' to the directive group (script-src/style-src).","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Missing 'report-sample'","severity":"LOW","directive":"style-src","source":"report-sample","message":"'report-sample' is a keyword that instructs the browser to include the first 40 characters of the violating inline resource in the report-uri violation report. This can greatly help debug which resources are causing a violation.","recommendation":"Consider adding 'report-sample' to the directive group (script-src/style-src).","docs":"https://csper.io/docs/sources","docsTitle":"sources"}]},{"id":"69d8f884bb3094b4229b6393","ts":"2026-04-10T13:17:56.696Z","ProjectID":"000000000000000000000000","PolicyID":"000000000000000000000000","isURL":true,"URL":"https://premiumsupport.cryptas.com","isHidden":false,"parsedPolicy":{"policy":"frame-ancestors 'none';object-src 'self';script-src 'self';base-uri 'self';","directives":{"base-uri":["'self'"],"frame-ancestors":["'none'"],"object-src":["'self'"],"script-src":["'self'"]},"directiveOrder":["frame-ancestors","object-src","script-src","base-uri"],"disposition":"enforce","delivery":"header","sourceMapping":{"'none'":"keyword-source","'self'":"keyword-source"}},"disposition":"enforce","source":"header","policies":["script-src 'self'; object-src 'self'; base-uri 'self'; frame-ancestors 'none';"],"stats":{"totalHigh":0,"totalMedium":1,"totalLow":3,"totalInfo":0},"recommendations":[{"title":"Missing reporting endpoint","severity":"MEDIUM","directive":"report-uri","source":"","message":"Reporting endpoints give website owners into when and where their CSP policy isn't working correctly.","recommendation":"Start using a reporting endpoint to capture and analyze your CSP violations. https://csper.io is a reporting endpoint.","docs":"https://csper.io/docs/report-uri","docsTitle":"report-uri"},{"title":"Missing form-action","severity":"LOW","directive":"form-action","source":"","message":"There's no defiend form-action. Sometimes form-action abuse can be used to smuggle tokens and other sensitive information out of a page.","recommendation":"Set form-action to 'none' or 'self', or the the most restrictive possible.","docs":"https://csper.io/docs/directives","docsTitle":"directives"},{"title":"Missing 'report-sample'","severity":"LOW","directive":"script-src","source":"report-sample","message":"'report-sample' is a keyword that instructs the browser to include the first 40 characters of the violating inline resource in the report-uri violation report. This can greatly help debug which resources are causing a violation.","recommendation":"Consider adding 'report-sample' to the directive group (script-src/style-src).","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Missing 'report-sample'","severity":"LOW","directive":"style-src","source":"report-sample","message":"'report-sample' is a keyword that instructs the browser to include the first 40 characters of the violating inline resource in the report-uri violation report. This can greatly help debug which resources are causing a violation.","recommendation":"Consider adding 'report-sample' to the directive group (script-src/style-src).","docs":"https://csper.io/docs/sources","docsTitle":"sources"}]},{"id":"69d8f857bb3094b4229b6392","ts":"2026-04-10T13:17:11.14Z","ProjectID":"000000000000000000000000","PolicyID":"000000000000000000000000","isURL":true,"URL":"https://premiumsupport.cryptas.com","isHidden":false,"parsedPolicy":{"policy":"frame-ancestors 'none';object-src 'self';script-src 'self';","directives":{"frame-ancestors":["'none'"],"object-src":["'self'"],"script-src":["'self'"]},"directiveOrder":["frame-ancestors","object-src","script-src"],"disposition":"enforce","delivery":"header","sourceMapping":{"'none'":"keyword-source","'self'":"keyword-source"}},"disposition":"enforce","source":"header","policies":["script-src 'self'; object-src 'self'; frame-ancestors 'none';"],"stats":{"totalHigh":0,"totalMedium":2,"totalLow":3,"totalInfo":0},"recommendations":[{"title":"Missing base-uri","severity":"MEDIUM","directive":"base-uri","source":"","message":"If an attacker is able to inject into the \u003chead\u003e of the document, they can spoof a different base-uri resulting in an XSS.","recommendation":"Set base-uri to 'self' or 'none' if possible. base-uri does not fall back to default-src.","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Missing reporting endpoint","severity":"MEDIUM","directive":"report-uri","source":"","message":"Reporting endpoints give website owners into when and where their CSP policy isn't working correctly.","recommendation":"Start using a reporting endpoint to capture and analyze your CSP violations. https://csper.io is a reporting endpoint.","docs":"https://csper.io/docs/report-uri","docsTitle":"report-uri"},{"title":"Missing form-action","severity":"LOW","directive":"form-action","source":"","message":"There's no defiend form-action. Sometimes form-action abuse can be used to smuggle tokens and other sensitive information out of a page.","recommendation":"Set form-action to 'none' or 'self', or the the most restrictive possible.","docs":"https://csper.io/docs/directives","docsTitle":"directives"},{"title":"Missing 'report-sample'","severity":"LOW","directive":"script-src","source":"report-sample","message":"'report-sample' is a keyword that instructs the browser to include the first 40 characters of the violating inline resource in the report-uri violation report. This can greatly help debug which resources are causing a violation.","recommendation":"Consider adding 'report-sample' to the directive group (script-src/style-src).","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Missing 'report-sample'","severity":"LOW","directive":"style-src","source":"report-sample","message":"'report-sample' is a keyword that instructs the browser to include the first 40 characters of the violating inline resource in the report-uri violation report. This can greatly help debug which resources are causing a violation.","recommendation":"Consider adding 'report-sample' to the directive group (script-src/style-src).","docs":"https://csper.io/docs/sources","docsTitle":"sources"}]},{"id":"69d8f7b45e323d879b758076","ts":"2026-04-10T13:14:28.823Z","ProjectID":"000000000000000000000000","PolicyID":"000000000000000000000000","isURL":true,"URL":"https://premiumsupport.cryptas.com","isHidden":false,"parsedPolicy":{"policy":"frame-ancestors 'none';","directives":{"frame-ancestors":["'none'"]},"directiveOrder":["frame-ancestors"],"disposition":"enforce","delivery":"header","sourceMapping":{"'none'":"keyword-source"}},"disposition":"enforce","source":"header","policies":["frame-ancestors 'none';"],"stats":{"totalHigh":2,"totalMedium":2,"totalLow":3,"totalInfo":0},"recommendations":[{"title":"Missing object-src (no default-src)","severity":"HIGH","directive":"object-src","source":"","message":"object-src is a sensitive directive that may allow XSS (or similar) if missing.","recommendation":"Set object-src to 'none' or the bare minimum necessary.","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Missing script-src (no default src)","severity":"HIGH","directive":"script","source":"","message":"script-src is a sensitive directive that may allow XSS (or similar) if missing.","recommendation":"Set script-src to 'none' or the bare minimum necessary.","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Missing base-uri","severity":"MEDIUM","directive":"base-uri","source":"","message":"If an attacker is able to inject into the \u003chead\u003e of the document, they can spoof a different base-uri resulting in an XSS.","recommendation":"Set base-uri to 'self' or 'none' if possible. base-uri does not fall back to default-src.","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Missing reporting endpoint","severity":"MEDIUM","directive":"report-uri","source":"","message":"Reporting endpoints give website owners into when and where their CSP policy isn't working correctly.","recommendation":"Start using a reporting endpoint to capture and analyze your CSP violations. https://csper.io is a reporting endpoint.","docs":"https://csper.io/docs/report-uri","docsTitle":"report-uri"},{"title":"Missing form-action","severity":"LOW","directive":"form-action","source":"","message":"There's no defiend form-action. Sometimes form-action abuse can be used to smuggle tokens and other sensitive information out of a page.","recommendation":"Set form-action to 'none' or 'self', or the the most restrictive possible.","docs":"https://csper.io/docs/directives","docsTitle":"directives"},{"title":"Missing 'report-sample'","severity":"LOW","directive":"script-src","source":"report-sample","message":"'report-sample' is a keyword that instructs the browser to include the first 40 characters of the violating inline resource in the report-uri violation report. This can greatly help debug which resources are causing a violation.","recommendation":"Consider adding 'report-sample' to the directive group (script-src/style-src).","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Missing 'report-sample'","severity":"LOW","directive":"style-src","source":"report-sample","message":"'report-sample' is a keyword that instructs the browser to include the first 40 characters of the violating inline resource in the report-uri violation report. This can greatly help debug which resources are causing a violation.","recommendation":"Consider adding 'report-sample' to the directive group (script-src/style-src).","docs":"https://csper.io/docs/sources","docsTitle":"sources"}]},{"id":"69d8eeda5e323d879b758074","ts":"2026-04-10T12:36:42.067Z","ProjectID":"000000000000000000000000","PolicyID":"000000000000000000000000","isURL":true,"URL":"https://share.cryptas.com","isHidden":false,"parsedPolicy":{"policy":"default-src 'none';base-uri 'none';manifest-src 'self';script-src 'nonce-9SdsGm5JCYrsWs2VHgqvukYKxi/r/aEJlnxtjdGhvC4=';script-src-elem 'strict-dynamic' 'nonce-9SdsGm5JCYrsWs2VHgqvukYKxi/r/aEJlnxtjdGhvC4=';style-src 'self' 'unsafe-inline';img-src 'self' data: blob:;font-src 'self' data:;connect-src 'self';media-src 'self';frame-src 'self';frame-ancestors 'self';form-action 'self'","directives":{"base-uri":["'none'"],"connect-src":["'self'"],"default-src":["'none'"],"font-src":["'self'","data:"],"form-action":["'self'"],"frame-ancestors":["'self'"],"frame-src":["'self'"],"img-src":["'self'","blob:","data:"],"manifest-src":["'self'"],"media-src":["'self'"],"script-src":["'nonce-9SdsGm5JCYrsWs2VHgqvukYKxi/r/aEJlnxtjdGhvC4='"],"script-src-elem":["'nonce-9SdsGm5JCYrsWs2VHgqvukYKxi/r/aEJlnxtjdGhvC4='","'strict-dynamic'"],"style-src":["'self'","'unsafe-inline'"]},"directiveOrder":["default-src","base-uri","manifest-src","script-src","script-src-elem","style-src","img-src","font-src","connect-src","media-src","frame-src","frame-ancestors","form-action"],"disposition":"enforce","delivery":"header","sourceMapping":{"'nonce-9SdsGm5JCYrsWs2VHgqvukYKxi/r/aEJlnxtjdGhvC4='":"nonce-source","'none'":"keyword-source","'self'":"keyword-source","'strict-dynamic'":"keyword-source","'unsafe-inline'":"keyword-source","blob:":"scheme-source","data:":"scheme-source"}},"disposition":"enforce","source":"header","policies":["default-src 'none'; script-src 'nonce-9SdsGm5JCYrsWs2VHgqvukYKxi/r/aEJlnxtjdGhvC4='; script-src-elem 'nonce-9SdsGm5JCYrsWs2VHgqvukYKxi/r/aEJlnxtjdGhvC4=' 'strict-dynamic'; style-src 'self' 'unsafe-inline'; base-uri 'none'; connect-src 'self'; font-src 'self' data:; form-action 'self'; frame-ancestors 'self'; frame-src 'self'; img-src 'self' blob: data:; manifest-src 'self'; media-src 'self';"],"stats":{"totalHigh":0,"totalMedium":1,"totalLow":3,"totalInfo":0},"recommendations":[{"title":"Missing reporting endpoint","severity":"MEDIUM","directive":"report-uri","source":"","message":"Reporting endpoints give website owners into when and where their CSP policy isn't working correctly.","recommendation":"Start using a reporting endpoint to capture and analyze your CSP violations. https://csper.io is a reporting endpoint.","docs":"https://csper.io/docs/report-uri","docsTitle":"report-uri"},{"title":"Unsafe usage of unsafe-inline on style-src","severity":"LOW","directive":"style-src","source":"'unsafe-inline'","message":"Using 'unsafe-inline' on style-src allows injection of CSS. This potentially leaves the website open to styling attacks and complex info leaks.","recommendation":"Remove 'unsafe-inline' from the style-src. This might require some refactoring.","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Missing 'report-sample'","severity":"LOW","directive":"script-src","source":"report-sample","message":"'report-sample' is a keyword that instructs the browser to include the first 40 characters of the violating inline resource in the report-uri violation report. This can greatly help debug which resources are causing a violation.","recommendation":"Consider adding 'report-sample' to the directive group (script-src/style-src).","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Missing 'report-sample'","severity":"LOW","directive":"style-src","source":"report-sample","message":"'report-sample' is a keyword that instructs the browser to include the first 40 characters of the violating inline resource in the report-uri violation report. This can greatly help debug which resources are causing a violation.","recommendation":"Consider adding 'report-sample' to the directive group (script-src/style-src).","docs":"https://csper.io/docs/sources","docsTitle":"sources"}]},{"id":"69d8ec01bb3094b4229b638b","ts":"2026-04-10T12:24:33.48Z","ProjectID":"000000000000000000000000","PolicyID":"000000000000000000000000","isURL":true,"URL":"https://www.petanqueshop.com/","isHidden":false,"parsedPolicy":{"policy":"font-src 'self' 'unsafe-inline' data: *.alothemes.com *.fontawesome.com *.gstatic.com *.magepow.com *.oney.io cdn.almapay.com cdn.jsdelivr.net https://static.scelliuspaiement.labanquepostale.fr/static/ https://ws.colissimo.fr use.typekit.net www.petanqueshop.com; form-action 'self' 'unsafe-inline' admin.petanqueshop.com en.petanqueshop.com https://api.scelliuspaiement.labanquepostale.fr/api-payment/ https://scelliuspaiement.labanquepostale.fr/vads-payment/ https://static.scelliuspaiement.labanquepostale.fr/static/ pilot-payflowlink.paypal.com www.facebook.com www.paypal.com www.sandbox.paypal.com; frame-ancestors 'self'; frame-src 'self' 'unsafe-inline' *.adyen.com/ *.almapay.com/ *.checkout.com/ *.getalma.eu *.googleapis.com *.hipay-tpp.com *.hipay.com *.paypal.com *.stripe.com/ *.youtube-nocookie.com *.youtube.com bid.g.doubleclick.net challenges.cloudflare.com forms.clickup.com https://form.typeform.com https://scelliuspaiement.labanquepostale.fr/vads-payment/ https://static.scelliuspaiement.labanquepostale.fr/static/ https://www.google.com/recaptcha/ player.vimeo.com www.facebook.com www.googletagmanager.com www.xtento.com; img-src 'self' 'unsafe-inline' blob: data: *.alothemes.com *.facebook.com *.g.doubleclick.net *.googleapis.com *.googlesyndication.com *.gstatic.com *.hipay.com *.hsforms.com *.hsforms.net *.magepow.com *.oney.io *.petanqueshop.com *.vimeocdn.com *.youtube.com a.tile.openstreetmap.org almapay.com analytics.google.com b.tile.openstreetmap.org bat.bing.com bat.bing.net c.tile.openstreetmap.org cdn.xtento.com connect.facebook.net fpdbs.paypal.com fpdbs.sandbox.paypal.com getalma.eu https://*.onyourmap.com https://*.tile.openstreetmap.fr https://google.fr https://scelliuspaiement.labanquepostale.fr/static/latest/images/type-carte/ https://scelliuspaiement.labanquepostale.fr/vads-payment/ https://static.scelliuspaiement.labanquepostale.fr/static/ https://ws.colissimo.fr i.ytimg.com joko-mobile-app-media.s3.eu-west-1.amazonaws.com p.typekit.net t.paypal.com validator.swagger.io widgets.magentocommerce.com www.bing.com www.google-analytics.com www.google.com www.google.com.my www.googleadservices.com www.googletagmanager.com www.paypal.com www.paypalobjects.com www.xtento.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.alothemes.com *.google.com *.gstatic.com *.hipay-tpp.com *.hipay.com *.hsforms.com *.hsforms.net *.magento-ds.com *.magepow.com *.oney.io *.paypal.com *.petanqueshop.com *.skeepers.io/ *.vimeocdn.com *.youtube.com amcglobal.sc.omtrdc.net app-cdn.clickup.com assets.adobedtm.com bat.bing.com cdn.jsdelivr.net cdn.xtento.com cdnjs.cloudflare.com connect.facebook.net googleads.g.doubleclick.net https://*.typeform.com https://api.mapbox.com https://api.scelliuspaiement.labanquepostale.fr/api-payment/ https://maps.googleapis.com https://static.scelliuspaiement.labanquepostale.fr/static/ https://ws.colissimo.fr mpsnare.iesnare.com pagead2.googlesyndication.com s.ytimg.com static.cloudflareinsights.com use.typekit.net vimeo.com widgets.rr.skeepers.io www.google-analytics.com www.googleadservices.com www.googleapis.com www.googletagmanager.com www.paypalobjects.com www.vimeo.com www.xtento.com; style-src 'self' 'unsafe-inline' *.alothemes.com *.fontawesome.com *.googleapis.com *.gstatic.com *.hipay.com *.magepow.com cdn.jsdelivr.net https://*.typeform.com https://api.mapbox.com https://static.scelliuspaiement.labanquepostale.fr/static/ https://ws.colissimo.fr www.googletagmanager.com www.petanqueshop.com; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline' data: *.googleapis.com mpsnare.iesnare.com; manifest-src 'self' 'unsafe-inline'; connect-src 'self' 'unsafe-inline' *.adobe.io *.almapay.com *.alothemes.com *.g.doubleclick.net *.getalma.eu *.google-analytics.com *.google.com *.googleapis.com *.googlesyndication.com *.hipay-tpp.com *.hipay.com *.hsforms.com *.hsforms.net *.magepow.com *.oney.io *.petanqueshop.com *.sentry.io *.skeepers.io/ bat.bing.com bat.bing.net connect.facebook.net https://*.mapbox.com https://*.onyourmap.com https://api.scelliuspaiement.labanquepostale.fr/api-payment/ https://nominatim.openstreetmap.org https://scelliuspaiement.labanquepostale.fr/vads-payment/ https://ws.colissimo.fr performance.typekit.net petanqueshop.com pilot-payflowlink.paypal.com t.elasticsuite.io vimeo.com wss://mpsnare.iesnare.com www.facebook.com www.googleadservices.com www.googletagmanager.com www.paypal.com www.paypalobjects.com www.sandbox.paypal.com; child-src 'self' 'unsafe-inline' blob: http: https:; default-src 'self' 'unsafe-eval' 'unsafe-inline' *.googleapis.com https://api.scelliuspaiement.labanquepostale.fr/api-payment/ https://scelliuspaiement.labanquepostale.fr/vads-payment/ https://static.scelliuspaiement.labanquepostale.fr/static/; base-uri 'self' 'unsafe-inline'; report-uri https://www.petanqueshop.com/csp_report_watch","directives":{"base-uri":["'self'","'unsafe-inline'"],"child-src":["'self'","'unsafe-inline'","blob:","http:","https:"],"connect-src":["'self'","'unsafe-inline'","*.adobe.io","*.almapay.com","*.alothemes.com","*.g.doubleclick.net","*.getalma.eu","*.google-analytics.com","*.google.com","*.googleapis.com","*.googlesyndication.com","*.hipay-tpp.com","*.hipay.com","*.hsforms.com","*.hsforms.net","*.magepow.com","*.oney.io","*.petanqueshop.com","*.sentry.io","*.skeepers.io/","bat.bing.com","bat.bing.net","connect.facebook.net","https://*.mapbox.com","https://*.onyourmap.com","https://api.scelliuspaiement.labanquepostale.fr/api-payment/","https://nominatim.openstreetmap.org","https://scelliuspaiement.labanquepostale.fr/vads-payment/","https://ws.colissimo.fr","performance.typekit.net","petanqueshop.com","pilot-payflowlink.paypal.com","t.elasticsuite.io","vimeo.com","wss://mpsnare.iesnare.com","www.facebook.com","www.googleadservices.com","www.googletagmanager.com","www.paypal.com","www.paypalobjects.com","www.sandbox.paypal.com"],"default-src":["'self'","'unsafe-eval'","'unsafe-inline'","*.googleapis.com","https://api.scelliuspaiement.labanquepostale.fr/api-payment/","https://scelliuspaiement.labanquepostale.fr/vads-payment/","https://static.scelliuspaiement.labanquepostale.fr/static/"],"font-src":["'self'","'unsafe-inline'","*.alothemes.com","*.fontawesome.com","*.gstatic.com","*.magepow.com","*.oney.io","cdn.almapay.com","cdn.jsdelivr.net","data:","https://static.scelliuspaiement.labanquepostale.fr/static/","https://ws.colissimo.fr","use.typekit.net","www.petanqueshop.com"],"form-action":["'self'","'unsafe-inline'","admin.petanqueshop.com","en.petanqueshop.com","https://api.scelliuspaiement.labanquepostale.fr/api-payment/","https://scelliuspaiement.labanquepostale.fr/vads-payment/","https://static.scelliuspaiement.labanquepostale.fr/static/","pilot-payflowlink.paypal.com","www.facebook.com","www.paypal.com","www.sandbox.paypal.com"],"frame-ancestors":["'self'"],"frame-src":["'self'","'unsafe-inline'","*.adyen.com/","*.almapay.com/","*.checkout.com/","*.getalma.eu","*.googleapis.com","*.hipay-tpp.com","*.hipay.com","*.paypal.com","*.stripe.com/","*.youtube-nocookie.com","*.youtube.com","bid.g.doubleclick.net","challenges.cloudflare.com","forms.clickup.com","https://form.typeform.com","https://scelliuspaiement.labanquepostale.fr/vads-payment/","https://static.scelliuspaiement.labanquepostale.fr/static/","https://www.google.com/recaptcha/","player.vimeo.com","www.facebook.com","www.googletagmanager.com","www.xtento.com"],"img-src":["'self'","'unsafe-inline'","*.alothemes.com","*.facebook.com","*.g.doubleclick.net","*.googleapis.com","*.googlesyndication.com","*.gstatic.com","*.hipay.com","*.hsforms.com","*.hsforms.net","*.magepow.com","*.oney.io","*.petanqueshop.com","*.vimeocdn.com","*.youtube.com","a.tile.openstreetmap.org","almapay.com","analytics.google.com","b.tile.openstreetmap.org","bat.bing.com","bat.bing.net","blob:","c.tile.openstreetmap.org","cdn.xtento.com","connect.facebook.net","data:","fpdbs.paypal.com","fpdbs.sandbox.paypal.com","getalma.eu","https://*.onyourmap.com","https://*.tile.openstreetmap.fr","https://google.fr","https://scelliuspaiement.labanquepostale.fr/static/latest/images/type-carte/","https://scelliuspaiement.labanquepostale.fr/vads-payment/","https://static.scelliuspaiement.labanquepostale.fr/static/","https://ws.colissimo.fr","i.ytimg.com","joko-mobile-app-media.s3.eu-west-1.amazonaws.com","p.typekit.net","t.paypal.com","validator.swagger.io","widgets.magentocommerce.com","www.bing.com","www.google-analytics.com","www.google.com","www.google.com.my","www.googleadservices.com","www.googletagmanager.com","www.paypal.com","www.paypalobjects.com","www.xtento.com"],"manifest-src":["'self'","'unsafe-inline'"],"media-src":["'self'","'unsafe-inline'","*.googleapis.com","data:","mpsnare.iesnare.com"],"object-src":["'self'","'unsafe-inline'"],"report-uri":["https://www.petanqueshop.com/csp_report_watch"],"script-src":["'self'","'unsafe-eval'","'unsafe-inline'","*.alothemes.com","*.google.com","*.gstatic.com","*.hipay-tpp.com","*.hipay.com","*.hsforms.com","*.hsforms.net","*.magento-ds.com","*.magepow.com","*.oney.io","*.paypal.com","*.petanqueshop.com","*.skeepers.io/","*.vimeocdn.com","*.youtube.com","amcglobal.sc.omtrdc.net","app-cdn.clickup.com","assets.adobedtm.com","bat.bing.com","cdn.jsdelivr.net","cdn.xtento.com","cdnjs.cloudflare.com","connect.facebook.net","googleads.g.doubleclick.net","https://*.typeform.com","https://api.mapbox.com","https://api.scelliuspaiement.labanquepostale.fr/api-payment/","https://maps.googleapis.com","https://static.scelliuspaiement.labanquepostale.fr/static/","https://ws.colissimo.fr","mpsnare.iesnare.com","pagead2.googlesyndication.com","s.ytimg.com","static.cloudflareinsights.com","use.typekit.net","vimeo.com","widgets.rr.skeepers.io","www.google-analytics.com","www.googleadservices.com","www.googleapis.com","www.googletagmanager.com","www.paypalobjects.com","www.vimeo.com","www.xtento.com"],"style-src":["'self'","'unsafe-inline'","*.alothemes.com","*.fontawesome.com","*.googleapis.com","*.gstatic.com","*.hipay.com","*.magepow.com","cdn.jsdelivr.net","https://*.typeform.com","https://api.mapbox.com","https://static.scelliuspaiement.labanquepostale.fr/static/","https://ws.colissimo.fr","www.googletagmanager.com","www.petanqueshop.com"]},"directiveOrder":["font-src","form-action","frame-ancestors","frame-src","img-src","script-src","style-src","object-src","media-src","manifest-src","connect-src","child-src","default-src","base-uri","report-uri"],"disposition":"report","delivery":"header","sourceMapping":{"'self'":"keyword-source","'unsafe-eval'":"keyword-source","'unsafe-inline'":"keyword-source","*.adobe.io":"host-source","*.adyen.com/":"host-source","*.almapay.com":"host-source","*.almapay.com/":"host-source","*.alothemes.com":"host-source","*.checkout.com/":"host-source","*.facebook.com":"host-source","*.fontawesome.com":"host-source","*.g.doubleclick.net":"host-source","*.getalma.eu":"host-source","*.google-analytics.com":"host-source","*.google.com":"host-source","*.googleapis.com":"host-source","*.googlesyndication.com":"host-source","*.gstatic.com":"host-source","*.hipay-tpp.com":"host-source","*.hipay.com":"host-source","*.hsforms.com":"host-source","*.hsforms.net":"host-source","*.magento-ds.com":"host-source","*.magepow.com":"host-source","*.oney.io":"host-source","*.paypal.com":"host-source","*.petanqueshop.com":"host-source","*.sentry.io":"host-source","*.skeepers.io/":"host-source","*.stripe.com/":"host-source","*.vimeocdn.com":"host-source","*.youtube-nocookie.com":"host-source","*.youtube.com":"host-source","a.tile.openstreetmap.org":"host-source","admin.petanqueshop.com":"host-source","almapay.com":"host-source","amcglobal.sc.omtrdc.net":"host-source","analytics.google.com":"host-source","app-cdn.clickup.com":"host-source","assets.adobedtm.com":"host-source","b.tile.openstreetmap.org":"host-source","bat.bing.com":"host-source","bat.bing.net":"host-source","bid.g.doubleclick.net":"host-source","blob:":"scheme-source","c.tile.openstreetmap.org":"host-source","cdn.almapay.com":"host-source","cdn.jsdelivr.net":"host-source","cdn.xtento.com":"host-source","cdnjs.cloudflare.com":"host-source","challenges.cloudflare.com":"host-source","connect.facebook.net":"host-source","data:":"scheme-source","en.petanqueshop.com":"host-source","forms.clickup.com":"host-source","fpdbs.paypal.com":"host-source","fpdbs.sandbox.paypal.com":"host-source","getalma.eu":"host-source","googleads.g.doubleclick.net":"host-source","http:":"scheme-source","https:":"scheme-source","https://*.mapbox.com":"host-source","https://*.onyourmap.com":"host-source","https://*.tile.openstreetmap.fr":"host-source","https://*.typeform.com":"host-source","https://api.mapbox.com":"host-source","https://api.scelliuspaiement.labanquepostale.fr/api-payment/":"host-source","https://form.typeform.com":"host-source","https://google.fr":"host-source","https://maps.googleapis.com":"host-source","https://nominatim.openstreetmap.org":"host-source","https://scelliuspaiement.labanquepostale.fr/static/latest/images/type-carte/":"host-source","https://scelliuspaiement.labanquepostale.fr/vads-payment/":"host-source","https://static.scelliuspaiement.labanquepostale.fr/static/":"host-source","https://ws.colissimo.fr":"host-source","https://www.google.com/recaptcha/":"host-source","https://www.petanqueshop.com/csp_report_watch":"host-source","i.ytimg.com":"host-source","joko-mobile-app-media.s3.eu-west-1.amazonaws.com":"host-source","mpsnare.iesnare.com":"host-source","p.typekit.net":"host-source","pagead2.googlesyndication.com":"host-source","performance.typekit.net":"host-source","petanqueshop.com":"host-source","pilot-payflowlink.paypal.com":"host-source","player.vimeo.com":"host-source","s.ytimg.com":"host-source","static.cloudflareinsights.com":"host-source","t.elasticsuite.io":"host-source","t.paypal.com":"host-source","use.typekit.net":"host-source","validator.swagger.io":"host-source","vimeo.com":"host-source","widgets.magentocommerce.com":"host-source","widgets.rr.skeepers.io":"host-source","wss://mpsnare.iesnare.com":"host-source","www.bing.com":"host-source","www.facebook.com":"host-source","www.google-analytics.com":"host-source","www.google.com":"host-source","www.google.com.my":"host-source","www.googleadservices.com":"host-source","www.googleapis.com":"host-source","www.googletagmanager.com":"host-source","www.paypal.com":"host-source","www.paypalobjects.com":"host-source","www.petanqueshop.com":"host-source","www.sandbox.paypal.com":"host-source","www.vimeo.com":"host-source","www.xtento.com":"host-source"}},"disposition":"report","source":"header","policies":["default-src 'self' 'unsafe-eval' 'unsafe-inline' *.googleapis.com https://api.scelliuspaiement.labanquepostale.fr/api-payment/ https://scelliuspaiement.labanquepostale.fr/vads-payment/ https://static.scelliuspaiement.labanquepostale.fr/static/; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.alothemes.com *.google.com *.gstatic.com *.hipay-tpp.com *.hipay.com *.hsforms.com *.hsforms.net *.magento-ds.com *.magepow.com *.oney.io *.paypal.com *.petanqueshop.com *.skeepers.io/ *.vimeocdn.com *.youtube.com amcglobal.sc.omtrdc.net app-cdn.clickup.com assets.adobedtm.com bat.bing.com cdn.jsdelivr.net cdn.xtento.com cdnjs.cloudflare.com connect.facebook.net googleads.g.doubleclick.net https://*.typeform.com https://api.mapbox.com https://api.scelliuspaiement.labanquepostale.fr/api-payment/ https://maps.googleapis.com https://static.scelliuspaiement.labanquepostale.fr/static/ https://ws.colissimo.fr mpsnare.iesnare.com pagead2.googlesyndication.com s.ytimg.com static.cloudflareinsights.com use.typekit.net vimeo.com widgets.rr.skeepers.io www.google-analytics.com www.googleadservices.com www.googleapis.com www.googletagmanager.com www.paypalobjects.com www.vimeo.com www.xtento.com; style-src 'self' 'unsafe-inline' *.alothemes.com *.fontawesome.com *.googleapis.com *.gstatic.com *.hipay.com *.magepow.com cdn.jsdelivr.net https://*.typeform.com https://api.mapbox.com https://static.scelliuspaiement.labanquepostale.fr/static/ https://ws.colissimo.fr www.googletagmanager.com www.petanqueshop.com; object-src 'self' 'unsafe-inline'; base-uri 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline' blob: http: https:; connect-src 'self' 'unsafe-inline' *.adobe.io *.almapay.com *.alothemes.com *.g.doubleclick.net *.getalma.eu *.google-analytics.com *.google.com *.googleapis.com *.googlesyndication.com *.hipay-tpp.com *.hipay.com *.hsforms.com *.hsforms.net *.magepow.com *.oney.io *.petanqueshop.com *.sentry.io *.skeepers.io/ bat.bing.com bat.bing.net connect.facebook.net https://*.mapbox.com https://*.onyourmap.com https://api.scelliuspaiement.labanquepostale.fr/api-payment/ https://nominatim.openstreetmap.org https://scelliuspaiement.labanquepostale.fr/vads-payment/ https://ws.colissimo.fr performance.typekit.net petanqueshop.com pilot-payflowlink.paypal.com t.elasticsuite.io vimeo.com wss://mpsnare.iesnare.com www.facebook.com www.googleadservices.com www.googletagmanager.com www.paypal.com www.paypalobjects.com www.sandbox.paypal.com; font-src 'self' 'unsafe-inline' *.alothemes.com *.fontawesome.com *.gstatic.com *.magepow.com *.oney.io cdn.almapay.com cdn.jsdelivr.net data: https://static.scelliuspaiement.labanquepostale.fr/static/ https://ws.colissimo.fr use.typekit.net www.petanqueshop.com; form-action 'self' 'unsafe-inline' admin.petanqueshop.com en.petanqueshop.com https://api.scelliuspaiement.labanquepostale.fr/api-payment/ https://scelliuspaiement.labanquepostale.fr/vads-payment/ https://static.scelliuspaiement.labanquepostale.fr/static/ pilot-payflowlink.paypal.com www.facebook.com www.paypal.com www.sandbox.paypal.com; frame-ancestors 'self'; frame-src 'self' 'unsafe-inline' *.adyen.com/ *.almapay.com/ *.checkout.com/ *.getalma.eu *.googleapis.com *.hipay-tpp.com *.hipay.com *.paypal.com *.stripe.com/ *.youtube-nocookie.com *.youtube.com bid.g.doubleclick.net challenges.cloudflare.com forms.clickup.com https://form.typeform.com https://scelliuspaiement.labanquepostale.fr/vads-payment/ https://static.scelliuspaiement.labanquepostale.fr/static/ https://www.google.com/recaptcha/ player.vimeo.com www.facebook.com www.googletagmanager.com www.xtento.com; img-src 'self' 'unsafe-inline' *.alothemes.com *.facebook.com *.g.doubleclick.net *.googleapis.com *.googlesyndication.com *.gstatic.com *.hipay.com *.hsforms.com *.hsforms.net *.magepow.com *.oney.io *.petanqueshop.com *.vimeocdn.com *.youtube.com a.tile.openstreetmap.org almapay.com analytics.google.com b.tile.openstreetmap.org bat.bing.com bat.bing.net blob: c.tile.openstreetmap.org cdn.xtento.com connect.facebook.net data: fpdbs.paypal.com fpdbs.sandbox.paypal.com getalma.eu https://*.onyourmap.com https://*.tile.openstreetmap.fr https://google.fr https://scelliuspaiement.labanquepostale.fr/static/latest/images/type-carte/ https://scelliuspaiement.labanquepostale.fr/vads-payment/ https://static.scelliuspaiement.labanquepostale.fr/static/ https://ws.colissimo.fr i.ytimg.com joko-mobile-app-media.s3.eu-west-1.amazonaws.com p.typekit.net t.paypal.com validator.swagger.io widgets.magentocommerce.com www.bing.com www.google-analytics.com www.google.com www.google.com.my www.googleadservices.com www.googletagmanager.com www.paypal.com www.paypalobjects.com www.xtento.com; manifest-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline' *.googleapis.com data: mpsnare.iesnare.com; report-uri https://www.petanqueshop.com/csp_report_watch;"],"stats":{"totalHigh":1,"totalMedium":45,"totalLow":14,"totalInfo":0},"recommendations":[{"title":"Usage of unsafe-inline on script-src","severity":"HIGH","directive":"script-src","source":"'unsafe-inline'","message":"The usage of 'unsafe-inline' negates the primary CSP protection against XSS.","recommendation":"Remove 'unsafe-inline'. This will probably require a refactoring of code.","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Missing path on source for sensitive directive","severity":"MEDIUM","directive":"script-src","source":"cdn.jsdelivr.net","message":"For sensitive directives, it's best to explicitly define the resource (including the path). This will help minimize attacks such as JSONP, redirects and other CSP bypasses.","recommendation":"For sensitive resources, explicitly define the full paths.","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Missing path on source for sensitive directive","severity":"MEDIUM","directive":"script-src","source":"static.cloudflareinsights.com","message":"For sensitive directives, it's best to explicitly define the resource (including the path). This will help minimize attacks such as JSONP, redirects and other CSP bypasses.","recommendation":"For sensitive resources, explicitly define the full paths.","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Wildcard in origin for sensitive directive","severity":"MEDIUM","directive":"script-src","source":"*.google.com","message":"It's best to minimize the locations from where sensitive content can be loaded from. A wildcard in a domain can open up the possibility of a number of tricky attacks including JSONP, redirects, insecure libs and more.","recommendation":"Restrict domains to the host if possible.","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Wildcard in origin for sensitive directive","severity":"MEDIUM","directive":"script-src","source":"*.gstatic.com","message":"It's best to minimize the locations from where sensitive content can be loaded from. A wildcard in a domain can open up the possibility of a number of tricky attacks including JSONP, redirects, insecure libs and more.","recommendation":"Restrict domains to the host if possible.","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Non-encrypted loading of external assets (http: / ws:)","severity":"MEDIUM","directive":"child-src","source":"http:","message":"Allowing content over insecure channels can allow allow snooping and tampering of data","recommendation":"Ensure that all content is loaded over secure channels. Remove http: and ws:","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Missing path on source for sensitive directive","severity":"MEDIUM","directive":"script-src","source":"www.xtento.com","message":"For sensitive directives, it's best to explicitly define the resource (including the path). This will help minimize attacks such as JSONP, redirects and other CSP bypasses.","recommendation":"For sensitive resources, explicitly define the full paths.","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Missing path on source for sensitive directive","severity":"MEDIUM","directive":"script-src","source":"www.vimeo.com","message":"For sensitive directives, it's best to explicitly define the resource (including the path). This will help minimize attacks such as JSONP, redirects and other CSP bypasses.","recommendation":"For sensitive resources, explicitly define the full paths.","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Missing path on source for sensitive directive","severity":"MEDIUM","directive":"script-src","source":"www.paypalobjects.com","message":"For sensitive directives, it's best to explicitly define the resource (including the path). This will help minimize attacks such as JSONP, redirects and other CSP bypasses.","recommendation":"For sensitive resources, explicitly define the full paths.","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Missing path on source for sensitive directive","severity":"MEDIUM","directive":"script-src","source":"www.googletagmanager.com","message":"For sensitive directives, it's best to explicitly define the resource (including the path). This will help minimize attacks such as JSONP, redirects and other CSP bypasses.","recommendation":"For sensitive resources, explicitly define the full paths.","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Missing path on source for sensitive directive","severity":"MEDIUM","directive":"script-src","source":"www.googleapis.com","message":"For sensitive directives, it's best to explicitly define the resource (including the path). This will help minimize attacks such as JSONP, redirects and other CSP bypasses.","recommendation":"For sensitive resources, explicitly define the full paths.","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Missing path on source for sensitive directive","severity":"MEDIUM","directive":"script-src","source":"www.googleadservices.com","message":"For sensitive directives, it's best to explicitly define the resource (including the path). This will help minimize attacks such as JSONP, redirects and other CSP bypasses.","recommendation":"For sensitive resources, explicitly define the full paths.","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Wildcard in origin for sensitive directive","severity":"MEDIUM","directive":"script-src","source":"*.hipay-tpp.com","message":"It's best to minimize the locations from where sensitive content can be loaded from. A wildcard in a domain can open up the possibility of a number of tricky attacks including JSONP, redirects, insecure libs and more.","recommendation":"Restrict domains to the host if possible.","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Wildcard in origin for sensitive directive","severity":"MEDIUM","directive":"script-src","source":"*.hipay.com","message":"It's best to minimize the locations from where sensitive content can be loaded from. A wildcard in a domain can open up the possibility of a number of tricky attacks including JSONP, redirects, insecure libs and more.","recommendation":"Restrict domains to the host if possible.","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Wildcard in origin for sensitive directive","severity":"MEDIUM","directive":"script-src","source":"*.hsforms.com","message":"It's best to minimize the locations from where sensitive content can be loaded from. A wildcard in a domain can open up the possibility of a number of tricky attacks including JSONP, redirects, insecure libs and more.","recommendation":"Restrict domains to the host if possible.","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Wildcard in origin for sensitive directive","severity":"MEDIUM","directive":"script-src","source":"*.hsforms.net","message":"It's best to minimize the locations from where sensitive content can be loaded from. A wildcard in a domain can open up the possibility of a number of tricky attacks including JSONP, redirects, insecure libs and more.","recommendation":"Restrict domains to the host if possible.","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Wildcard in origin for sensitive directive","severity":"MEDIUM","directive":"script-src","source":"*.magento-ds.com","message":"It's best to minimize the locations from where sensitive content can be loaded from. A wildcard in a domain can open up the possibility of a number of tricky attacks including JSONP, redirects, insecure libs and more.","recommendation":"Restrict domains to the host if possible.","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Wildcard in origin for sensitive directive","severity":"MEDIUM","directive":"script-src","source":"*.magepow.com","message":"It's best to minimize the locations from where sensitive content can be loaded from. A wildcard in a domain can open up the possibility of a number of tricky attacks including JSONP, redirects, insecure libs and more.","recommendation":"Restrict domains to the host if possible.","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Wildcard in origin for sensitive directive","severity":"MEDIUM","directive":"script-src","source":"*.oney.io","message":"It's best to minimize the locations from where sensitive content can be loaded from. A wildcard in a domain can open up the possibility of a number of tricky attacks including JSONP, redirects, insecure libs and more.","recommendation":"Restrict domains to the host if possible.","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Wildcard in origin for sensitive directive","severity":"MEDIUM","directive":"script-src","source":"*.paypal.com","message":"It's best to minimize the locations from where sensitive content can be loaded from. A wildcard in a domain can open up the possibility of a number of tricky attacks including JSONP, redirects, insecure libs and more.","recommendation":"Restrict domains to the host if possible.","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Wildcard in origin for sensitive directive","severity":"MEDIUM","directive":"script-src","source":"*.petanqueshop.com","message":"It's best to minimize the locations from where sensitive content can be loaded from. A wildcard in a domain can open up the possibility of a number of tricky attacks including JSONP, redirects, insecure libs and more.","recommendation":"Restrict domains to the host if possible.","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Wildcard in origin for sensitive directive","severity":"MEDIUM","directive":"script-src","source":"*.skeepers.io/","message":"It's best to minimize the locations from where sensitive content can be loaded from. A wildcard in a domain can open up the possibility of a number of tricky attacks including JSONP, redirects, insecure libs and more.","recommendation":"Restrict domains to the host if possible.","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Wildcard in origin for sensitive directive","severity":"MEDIUM","directive":"script-src","source":"*.vimeocdn.com","message":"It's best to minimize the locations from where sensitive content can be loaded from. A wildcard in a domain can open up the possibility of a number of tricky attacks including JSONP, redirects, insecure libs and more.","recommendation":"Restrict domains to the host if possible.","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Wildcard in origin for sensitive directive","severity":"MEDIUM","directive":"script-src","source":"*.youtube.com","message":"It's best to minimize the locations from where sensitive content can be loaded from. A wildcard in a domain can open up the possibility of a number of tricky attacks including JSONP, redirects, insecure libs and more.","recommendation":"Restrict domains to the host if possible.","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Wildcard in origin for sensitive directive","severity":"MEDIUM","directive":"script-src","source":"https://*.typeform.com","message":"It's best to minimize the locations from where sensitive content can be loaded from. A wildcard in a domain can open up the possibility of a number of tricky attacks including JSONP, redirects, insecure libs and more.","recommendation":"Restrict domains to the host if possible.","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Wildcard in origin for sensitive directive","severity":"MEDIUM","directive":"default-src","source":"*.googleapis.com","message":"It's best to minimize the locations from where sensitive content can be loaded from. A wildcard in a domain can open up the possibility of a number of tricky attacks including JSONP, redirects, insecure libs and more.","recommendation":"Restrict domains to the host if possible.","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Missing path on source for sensitive directive","severity":"MEDIUM","directive":"script-src","source":"amcglobal.sc.omtrdc.net","message":"For sensitive directives, it's best to explicitly define the resource (including the path). This will help minimize attacks such as JSONP, redirects and other CSP bypasses.","recommendation":"For sensitive resources, explicitly define the full paths.","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Missing path on source for sensitive directive","severity":"MEDIUM","directive":"script-src","source":"app-cdn.clickup.com","message":"For sensitive directives, it's best to explicitly define the resource (including the path). This will help minimize attacks such as JSONP, redirects and other CSP bypasses.","recommendation":"For sensitive resources, explicitly define the full paths.","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Missing path on source for sensitive directive","severity":"MEDIUM","directive":"script-src","source":"assets.adobedtm.com","message":"For sensitive directives, it's best to explicitly define the resource (including the path). This will help minimize attacks such as JSONP, redirects and other CSP bypasses.","recommendation":"For sensitive resources, explicitly define the full paths.","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Wildcard in origin for sensitive directive","severity":"MEDIUM","directive":"script-src","source":"*.alothemes.com","message":"It's best to minimize the locations from where sensitive content can be loaded from. A wildcard in a domain can open up the possibility of a number of tricky attacks including JSONP, redirects, insecure libs and more.","recommendation":"Restrict domains to the host if possible.","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Missing path on source for sensitive directive","severity":"MEDIUM","directive":"script-src","source":"bat.bing.com","message":"For sensitive directives, it's best to explicitly define the resource (including the path). This will help minimize attacks such as JSONP, redirects and other CSP bypasses.","recommendation":"For sensitive resources, explicitly define the full paths.","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Missing path on source for sensitive directive","severity":"MEDIUM","directive":"script-src","source":"widgets.rr.skeepers.io","message":"For sensitive directives, it's best to explicitly define the resource (including the path). This will help minimize attacks such as JSONP, redirects and other CSP bypasses.","recommendation":"For sensitive resources, explicitly define the full paths.","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Missing path on source for sensitive directive","severity":"MEDIUM","directive":"script-src","source":"cdnjs.cloudflare.com","message":"For sensitive directives, it's best to explicitly define the resource (including the path). This will help minimize attacks such as JSONP, redirects and other CSP bypasses.","recommendation":"For sensitive resources, explicitly define the full paths.","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Missing path on source for sensitive directive","severity":"MEDIUM","directive":"script-src","source":"connect.facebook.net","message":"For sensitive directives, it's best to explicitly define the resource (including the path). This will help minimize attacks such as JSONP, redirects and other CSP bypasses.","recommendation":"For sensitive resources, explicitly define the full paths.","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Missing path on source for sensitive directive","severity":"MEDIUM","directive":"script-src","source":"googleads.g.doubleclick.net","message":"For sensitive directives, it's best to explicitly define the resource (including the path). This will help minimize attacks such as JSONP, redirects and other CSP bypasses.","recommendation":"For sensitive resources, explicitly define the full paths.","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Missing path on source for sensitive directive","severity":"MEDIUM","directive":"script-src","source":"https://api.mapbox.com","message":"For sensitive directives, it's best to explicitly define the resource (including the path). This will help minimize attacks such as JSONP, redirects and other CSP bypasses.","recommendation":"For sensitive resources, explicitly define the full paths.","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Missing path on source for sensitive directive","severity":"MEDIUM","directive":"script-src","source":"https://maps.googleapis.com","message":"For sensitive directives, it's best to explicitly define the resource (including the path). This will help minimize attacks such as JSONP, redirects and other CSP bypasses.","recommendation":"For sensitive resources, explicitly define the full paths.","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Missing path on source for sensitive directive","severity":"MEDIUM","directive":"script-src","source":"https://ws.colissimo.fr","message":"For sensitive directives, it's best to explicitly define the resource (including the path). This will help minimize attacks such as JSONP, redirects and other CSP bypasses.","recommendation":"For sensitive resources, explicitly define the full paths.","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Missing path on source for sensitive directive","severity":"MEDIUM","directive":"script-src","source":"mpsnare.iesnare.com","message":"For sensitive directives, it's best to explicitly define the resource (including the path). This will help minimize attacks such as JSONP, redirects and other CSP bypasses.","recommendation":"For sensitive resources, explicitly define the full paths.","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Missing path on source for sensitive directive","severity":"MEDIUM","directive":"script-src","source":"pagead2.googlesyndication.com","message":"For sensitive directives, it's best to explicitly define the resource (including the path). This will help minimize attacks such as JSONP, redirects and other CSP bypasses.","recommendation":"For sensitive resources, explicitly define the full paths.","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Missing path on source for sensitive directive","severity":"MEDIUM","directive":"script-src","source":"s.ytimg.com","message":"For sensitive directives, it's best to explicitly define the resource (including the path). This will help minimize attacks such as JSONP, redirects and other CSP bypasses.","recommendation":"For sensitive resources, explicitly define the full paths.","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Unsafe usage of unsafe-eval","severity":"MEDIUM","directive":"script-src","source":"'unsafe-eval'","message":"Using 'unsafe-eval' can sometimes allow arbitrary javascript execution.","recommendation":"Remove 'unsafe-eval' from the script-src. This may require some refactoring or changing of libraries.","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Missing path on source for sensitive directive","severity":"MEDIUM","directive":"script-src","source":"use.typekit.net","message":"For sensitive directives, it's best to explicitly define the resource (including the path). This will help minimize attacks such as JSONP, redirects and other CSP bypasses.","recommendation":"For sensitive resources, explicitly define the full paths.","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Missing path on source for sensitive directive","severity":"MEDIUM","directive":"script-src","source":"vimeo.com","message":"For sensitive directives, it's best to explicitly define the resource (including the path). This will help minimize attacks such as JSONP, redirects and other CSP bypasses.","recommendation":"For sensitive resources, explicitly define the full paths.","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Missing path on source for sensitive directive","severity":"MEDIUM","directive":"script-src","source":"cdn.xtento.com","message":"For sensitive directives, it's best to explicitly define the resource (including the path). This will help minimize attacks such as JSONP, redirects and other CSP bypasses.","recommendation":"For sensitive resources, explicitly define the full paths.","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Missing path on source for sensitive directive","severity":"MEDIUM","directive":"script-src","source":"www.google-analytics.com","message":"For sensitive directives, it's best to explicitly define the resource (including the path). This will help minimize attacks such as JSONP, redirects and other CSP bypasses.","recommendation":"For sensitive resources, explicitly define the full paths.","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Usage of unsafe-inline outside of script/style/default directive","severity":"LOW","directive":"media-src","source":"'unsafe-inline'","message":"'unsafe-inline' is not valid outside of script-src/style-src/default-src","recommendation":"Delete the unsafe-inline","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Missing 'report-sample'","severity":"LOW","directive":"script-src","source":"report-sample","message":"'report-sample' is a keyword that instructs the browser to include the first 40 characters of the violating inline resource in the report-uri violation report. This can greatly help debug which resources are causing a violation.","recommendation":"Consider adding 'report-sample' to the directive group (script-src/style-src).","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Usage of unsafe-inline outside of script/style/default directive","severity":"LOW","directive":"font-src","source":"'unsafe-inline'","message":"'unsafe-inline' is not valid outside of script-src/style-src/default-src","recommendation":"Delete the unsafe-inline","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Usage of unsafe-inline outside of script/style/default directive","severity":"LOW","directive":"connect-src","source":"'unsafe-inline'","message":"'unsafe-inline' is not valid outside of script-src/style-src/default-src","recommendation":"Delete the unsafe-inline","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Usage of unsafe-inline outside of script/style/default directive","severity":"LOW","directive":"child-src","source":"'unsafe-inline'","message":"'unsafe-inline' is not valid outside of script-src/style-src/default-src","recommendation":"Delete the unsafe-inline","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Usage of unsafe-inline outside of script/style/default directive","severity":"LOW","directive":"frame-src","source":"'unsafe-inline'","message":"'unsafe-inline' is not valid outside of script-src/style-src/default-src","recommendation":"Delete the unsafe-inline","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Usage of unsafe-inline outside of script/style/default directive","severity":"LOW","directive":"manifest-src","source":"'unsafe-inline'","message":"'unsafe-inline' is not valid outside of script-src/style-src/default-src","recommendation":"Delete the unsafe-inline","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Usage of unsafe-inline outside of script/style/default directive","severity":"LOW","directive":"img-src","source":"'unsafe-inline'","message":"'unsafe-inline' is not valid outside of script-src/style-src/default-src","recommendation":"Delete the unsafe-inline","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Usage of unsafe-inline outside of script/style/default directive","severity":"LOW","directive":"form-action","source":"'unsafe-inline'","message":"'unsafe-inline' is not valid outside of script-src/style-src/default-src","recommendation":"Delete the unsafe-inline","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Usage of unsafe-inline outside of script/style/default directive","severity":"LOW","directive":"object-src","source":"'unsafe-inline'","message":"'unsafe-inline' is not valid outside of script-src/style-src/default-src","recommendation":"Delete the unsafe-inline","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Unsafe usage of unsafe-inline on style-src","severity":"LOW","directive":"style-src","source":"'unsafe-inline'","message":"Using 'unsafe-inline' on style-src allows injection of CSS. This potentially leaves the website open to styling attacks and complex info leaks.","recommendation":"Remove 'unsafe-inline' from the style-src. This might require some refactoring.","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Duplicate or unnecessary source","severity":"LOW","directive":"img-src","source":"www.google.com.my","message":"This source is repeated or unnecessary","recommendation":"Consider moving the extra source","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Usage of unsafe-inline outside of script/style/default directive","severity":"LOW","directive":"base-uri","source":"'unsafe-inline'","message":"'unsafe-inline' is not valid outside of script-src/style-src/default-src","recommendation":"Delete the unsafe-inline","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Missing 'report-sample'","severity":"LOW","directive":"style-src","source":"report-sample","message":"'report-sample' is a keyword that instructs the browser to include the first 40 characters of the violating inline resource in the report-uri violation report. This can greatly help debug which resources are causing a violation.","recommendation":"Consider adding 'report-sample' to the directive group (script-src/style-src).","docs":"https://csper.io/docs/sources","docsTitle":"sources"}]},{"id":"69d8ebdf5e323d879b758073","ts":"2026-04-10T12:23:59.4Z","ProjectID":"000000000000000000000000","PolicyID":"000000000000000000000000","isURL":true,"URL":"https://register.pfxselect.com/#/Registration","isHidden":false,"parsedPolicy":{"policy":"default-src 'self'; connect-src 'self' https://pfxselect.com https://hexacthost.danfoss.com/HeAuth/; script-src 'self' 'report-sample'; style-src 'self' 'unsafe-inline' 'report-sample'; img-src 'self' data:; font-src 'self'; object-src 'none'; frame-ancestors 'none'; base-uri 'self'; form-action 'self'","directives":{"base-uri":["'self'"],"connect-src":["'self'","https://hexacthost.danfoss.com/HeAuth/","https://pfxselect.com"],"default-src":["'self'"],"font-src":["'self'"],"form-action":["'self'"],"frame-ancestors":["'none'"],"img-src":["'self'","data:"],"object-src":["'none'"],"script-src":["'report-sample'","'self'"],"style-src":["'report-sample'","'self'","'unsafe-inline'"]},"directiveOrder":["default-src","connect-src","script-src","style-src","img-src","font-src","object-src","frame-ancestors","base-uri","form-action"],"disposition":"enforce","delivery":"header","sourceMapping":{"'none'":"keyword-source","'report-sample'":"keyword-source","'self'":"keyword-source","'unsafe-inline'":"keyword-source","data:":"scheme-source","https://hexacthost.danfoss.com/HeAuth/":"host-source","https://pfxselect.com":"host-source"}},"disposition":"enforce","source":"header","policies":["default-src 'self'; script-src 'report-sample' 'self'; style-src 'report-sample' 'self' 'unsafe-inline'; object-src 'none'; base-uri 'self'; connect-src 'self' https://hexacthost.danfoss.com/HeAuth/ https://pfxselect.com; font-src 'self'; form-action 'self'; frame-ancestors 'none'; img-src 'self' data:;"],"stats":{"totalHigh":0,"totalMedium":1,"totalLow":1,"totalInfo":0},"recommendations":[{"title":"Missing reporting endpoint","severity":"MEDIUM","directive":"report-uri","source":"","message":"Reporting endpoints give website owners into when and where their CSP policy isn't working correctly.","recommendation":"Start using a reporting endpoint to capture and analyze your CSP violations. https://csper.io is a reporting endpoint.","docs":"https://csper.io/docs/report-uri","docsTitle":"report-uri"},{"title":"Unsafe usage of unsafe-inline on style-src","severity":"LOW","directive":"style-src","source":"'unsafe-inline'","message":"Using 'unsafe-inline' on style-src allows injection of CSS. This potentially leaves the website open to styling attacks and complex info leaks.","recommendation":"Remove 'unsafe-inline' from the style-src. This might require some refactoring.","docs":"https://csper.io/docs/sources","docsTitle":"sources"}]},{"id":"69d8e9efbb3094b4229b638a","ts":"2026-04-10T12:15:43.649Z","ProjectID":"000000000000000000000000","PolicyID":"000000000000000000000000","isURL":true,"URL":"https://register.pfxselect.com/#/Registration","isHidden":false,"parsedPolicy":{"policy":"default-src 'self'; connect-src 'self' https://pfxselect.com https://hexacthost.danfoss.com/HeAuth/; script-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; font-src 'self'; frame-ancestors 'none'; base-uri 'self'; form-action 'self'","directives":{"base-uri":["'self'"],"connect-src":["'self'","https://hexacthost.danfoss.com/HeAuth/","https://pfxselect.com"],"default-src":["'self'"],"font-src":["'self'"],"form-action":["'self'"],"frame-ancestors":["'none'"],"img-src":["'self'","data:"],"script-src":["'self'"],"style-src":["'self'","'unsafe-inline'"]},"directiveOrder":["default-src","connect-src","script-src","style-src","img-src","font-src","frame-ancestors","base-uri","form-action"],"disposition":"enforce","delivery":"header","sourceMapping":{"'none'":"keyword-source","'self'":"keyword-source","'unsafe-inline'":"keyword-source","data:":"scheme-source","https://hexacthost.danfoss.com/HeAuth/":"host-source","https://pfxselect.com":"host-source"}},"disposition":"enforce","source":"header","policies":["default-src 'self'; script-src 'self'; style-src 'self' 'unsafe-inline'; base-uri 'self'; connect-src 'self' https://hexacthost.danfoss.com/HeAuth/ https://pfxselect.com; font-src 'self'; form-action 'self'; frame-ancestors 'none'; img-src 'self' data:;"],"stats":{"totalHigh":0,"totalMedium":2,"totalLow":3,"totalInfo":0},"recommendations":[{"title":"Missing object-src (with non-restrictive default-src)","severity":"MEDIUM","directive":"object-src","source":"","message":"object-src is a sensitive directive that may allow XSS (or similar) if missing.","recommendation":"Set object-src to 'none' or the bare minimum necessary.","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Missing reporting endpoint","severity":"MEDIUM","directive":"report-uri","source":"","message":"Reporting endpoints give website owners into when and where their CSP policy isn't working correctly.","recommendation":"Start using a reporting endpoint to capture and analyze your CSP violations. https://csper.io is a reporting endpoint.","docs":"https://csper.io/docs/report-uri","docsTitle":"report-uri"},{"title":"Unsafe usage of unsafe-inline on style-src","severity":"LOW","directive":"style-src","source":"'unsafe-inline'","message":"Using 'unsafe-inline' on style-src allows injection of CSS. This potentially leaves the website open to styling attacks and complex info leaks.","recommendation":"Remove 'unsafe-inline' from the style-src. This might require some refactoring.","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Missing 'report-sample'","severity":"LOW","directive":"script-src","source":"report-sample","message":"'report-sample' is a keyword that instructs the browser to include the first 40 characters of the violating inline resource in the report-uri violation report. This can greatly help debug which resources are causing a violation.","recommendation":"Consider adding 'report-sample' to the directive group (script-src/style-src).","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Missing 'report-sample'","severity":"LOW","directive":"style-src","source":"report-sample","message":"'report-sample' is a keyword that instructs the browser to include the first 40 characters of the violating inline resource in the report-uri violation report. This can greatly help debug which resources are causing a violation.","recommendation":"Consider adding 'report-sample' to the directive group (script-src/style-src).","docs":"https://csper.io/docs/sources","docsTitle":"sources"}]},{"id":"69d8e6895e323d879b758072","ts":"2026-04-10T12:01:13.137Z","ProjectID":"000000000000000000000000","PolicyID":"000000000000000000000000","isURL":true,"URL":"https://console.nebius.ai/","isHidden":false,"parsedPolicy":{"policy":"script-src 'nonce-7O/qJvatD+EdCUZQEuhPdo0VMoROpX+MWMqWfQIVDEg=' 'self' 'strict-dynamic' https://static.nebius.com  https://www.googletagmanager.com/ https://*.googletagmanager.com https://www.google-analytics.com/ https://www.redditstatic.com/ https://snap.licdn.com/;img-src 'self' data: static.nebius.com https://static.nebius.com  https://bat.bing.net https://bat.bing.com https://*.googletagmanager.com https://www.google-analytics.com https://*.google-analytics.com https://*.analytics.google.com https://analytics.google.com *.g.doubleclick.net https://www.googletagmanager.com https://www.google.com https://www.google.ad https://www.google.ae https://www.google.com.af https://www.google.com.ag https://www.google.al https://www.google.am https://www.google.co.ao https://www.google.com.ar https://www.google.as https://www.google.at https://www.google.com.au https://www.google.az https://www.google.ba https://www.google.com.bd https://www.google.be https://www.google.bf https://www.google.bg https://www.google.com.bh https://www.google.bi https://www.google.bj https://www.google.com.bn https://www.google.com.bo https://www.google.com.br https://www.google.bs https://www.google.bt https://www.google.co.bw https://www.google.by https://www.google.com.bz https://www.google.ca https://www.google.cd https://www.google.cf https://www.google.cg https://www.google.ch https://www.google.ci https://www.google.co.ck https://www.google.cl https://www.google.cm https://www.google.cn https://www.google.com.co https://www.google.co.cr https://www.google.com.cu https://www.google.cv https://www.google.com.cy https://www.google.cz https://www.google.de https://www.google.dj https://www.google.dk https://www.google.dm https://www.google.com.do https://www.google.dz https://www.google.com.ec https://www.google.ee https://www.google.com.eg https://www.google.es https://www.google.com.et https://www.google.fi https://www.google.com.fj https://www.google.fm https://www.google.fr https://www.google.ga https://www.google.ge https://www.google.gg https://www.google.com.gh https://www.google.com.gi https://www.google.gl https://www.google.gm https://www.google.gr https://www.google.com.gt https://www.google.gy https://www.google.com.hk https://www.google.hn https://www.google.hr https://www.google.ht https://www.google.hu https://www.google.co.id https://www.google.ie https://www.google.co.il https://www.google.im https://www.google.co.in https://www.google.iq https://www.google.is https://www.google.it https://www.google.je https://www.google.com.jm https://www.google.jo https://www.google.co.jp https://www.google.co.ke https://www.google.com.kh https://www.google.ki https://www.google.kg https://www.google.co.kr https://www.google.com.kw https://www.google.kz https://www.google.la https://www.google.com.lb https://www.google.li https://www.google.lk https://www.google.co.ls https://www.google.lt https://www.google.lu https://www.google.lv https://www.google.com.ly https://www.google.co.ma https://www.google.md https://www.google.me https://www.google.mg https://www.google.mk https://www.google.ml https://www.google.com.mm https://www.google.mn https://www.google.com.mt https://www.google.mu https://www.google.mv https://www.google.mw https://www.google.com.mx https://www.google.com.my https://www.google.co.mz https://www.google.com.na https://www.google.com.ng https://www.google.com.ni https://www.google.ne https://www.google.nl https://www.google.no https://www.google.com.np https://www.google.nr https://www.google.nu https://www.google.co.nz https://www.google.com.om https://www.google.com.pa https://www.google.com.pe https://www.google.com.pg https://www.google.com.ph https://www.google.com.pk https://www.google.pl https://www.google.pn https://www.google.com.pr https://www.google.ps https://www.google.pt https://www.google.com.py https://www.google.com.qa https://www.google.ro https://www.google.ru https://www.google.rw https://www.google.com.sa https://www.google.com.sb https://www.google.sc https://www.google.se https://www.google.com.sg https://www.google.sh https://www.google.si https://www.google.sk https://www.google.com.sl https://www.google.sn https://www.google.so https://www.google.sm https://www.google.sr https://www.google.st https://www.google.com.sv https://www.google.td https://www.google.tg https://www.google.co.th https://www.google.com.tj https://www.google.tl https://www.google.tm https://www.google.tn https://www.google.to https://www.google.com.tr https://www.google.tt https://www.google.com.tw https://www.google.co.tz https://www.google.com.ua https://www.google.co.ug https://www.google.co.uk https://www.google.com.uy https://www.google.co.uz https://www.google.com.vc https://www.google.co.ve https://www.google.co.vi https://www.google.com.vn https://www.google.vu https://www.google.ws https://www.google.rs https://www.google.co.za https://www.google.co.zm https://www.google.co.zw https://www.google.cat https://alb.reddit.com https://px.ads.linkedin.com https://px4.ads.linkedin.com https://t.co https://analytics.twitter.com https://www.facebook.com https://connect.facebook.net *.hubspot.com analytics.tiktok.com https://*.googleapis.com https://*.gstatic.com *.google.com *.googleusercontent.com https://graph.microsoft.com https://avatars.githubusercontent.com;connect-src 'self' https://o4505906584485888.ingest.sentry.io https://o4505906584485888.ingest.us.sentry.io https://bat.bing.net https://bat.bing.com https://*.googletagmanager.com https://www.google-analytics.com https://*.google-analytics.com https://region1.analytics.google.com https://*.analytics.google.com https://analytics.google.com https://www.google.com *.g.doubleclick.net https://www.google.com https://www.google.ad https://www.google.ae https://www.google.com.af https://www.google.com.ag https://www.google.al https://www.google.am https://www.google.co.ao https://www.google.com.ar https://www.google.as https://www.google.at https://www.google.com.au https://www.google.az https://www.google.ba https://www.google.com.bd https://www.google.be https://www.google.bf https://www.google.bg https://www.google.com.bh https://www.google.bi https://www.google.bj https://www.google.com.bn https://www.google.com.bo https://www.google.com.br https://www.google.bs https://www.google.bt https://www.google.co.bw https://www.google.by https://www.google.com.bz https://www.google.ca https://www.google.cd https://www.google.cf https://www.google.cg https://www.google.ch https://www.google.ci https://www.google.co.ck https://www.google.cl https://www.google.cm https://www.google.cn https://www.google.com.co https://www.google.co.cr https://www.google.com.cu https://www.google.cv https://www.google.com.cy https://www.google.cz https://www.google.de https://www.google.dj https://www.google.dk https://www.google.dm https://www.google.com.do https://www.google.dz https://www.google.com.ec https://www.google.ee https://www.google.com.eg https://www.google.es https://www.google.com.et https://www.google.fi https://www.google.com.fj https://www.google.fm https://www.google.fr https://www.google.ga https://www.google.ge https://www.google.gg https://www.google.com.gh https://www.google.com.gi https://www.google.gl https://www.google.gm https://www.google.gr https://www.google.com.gt https://www.google.gy https://www.google.com.hk https://www.google.hn https://www.google.hr https://www.google.ht https://www.google.hu https://www.google.co.id https://www.google.ie https://www.google.co.il https://www.google.im https://www.google.co.in https://www.google.iq https://www.google.is https://www.google.it https://www.google.je https://www.google.com.jm https://www.google.jo https://www.google.co.jp https://www.google.co.ke https://www.google.com.kh https://www.google.ki https://www.google.kg https://www.google.co.kr https://www.google.com.kw https://www.google.kz https://www.google.la https://www.google.com.lb https://www.google.li https://www.google.lk https://www.google.co.ls https://www.google.lt https://www.google.lu https://www.google.lv https://www.google.com.ly https://www.google.co.ma https://www.google.md https://www.google.me https://www.google.mg https://www.google.mk https://www.google.ml https://www.google.com.mm https://www.google.mn https://www.google.com.mt https://www.google.mu https://www.google.mv https://www.google.mw https://www.google.com.mx https://www.google.com.my https://www.google.co.mz https://www.google.com.na https://www.google.com.ng https://www.google.com.ni https://www.google.ne https://www.google.nl https://www.google.no https://www.google.com.np https://www.google.nr https://www.google.nu https://www.google.co.nz https://www.google.com.om https://www.google.com.pa https://www.google.com.pe https://www.google.com.pg https://www.google.com.ph https://www.google.com.pk https://www.google.pl https://www.google.pn https://www.google.com.pr https://www.google.ps https://www.google.pt https://www.google.com.py https://www.google.com.qa https://www.google.ro https://www.google.ru https://www.google.rw https://www.google.com.sa https://www.google.com.sb https://www.google.sc https://www.google.se https://www.google.com.sg https://www.google.sh https://www.google.si https://www.google.sk https://www.google.com.sl https://www.google.sn https://www.google.so https://www.google.sm https://www.google.sr https://www.google.st https://www.google.com.sv https://www.google.td https://www.google.tg https://www.google.co.th https://www.google.com.tj https://www.google.tl https://www.google.tm https://www.google.tn https://www.google.to https://www.google.com.tr https://www.google.tt https://www.google.com.tw https://www.google.co.tz https://www.google.com.ua https://www.google.co.ug https://www.google.co.uk https://www.google.com.uy https://www.google.co.uz https://www.google.com.vc https://www.google.co.ve https://www.google.co.vi https://www.google.com.vn https://www.google.vu https://www.google.ws https://www.google.rs https://www.google.co.za https://www.google.co.zm https://www.google.co.zw https://www.google.cat https://pixel.reddit.com https://pixel-config.reddit.com https://www.redditstatic.com https://conversions-config.reddit.com https://px.ads.linkedin.com https://capig.stape.host *.hubapi.com analytics.tiktok.com;report-uri https://o4505906584485888.ingest.us.sentry.io/api/4506303150686208/security/?sentry_key=97557f85d9a8cd79be25cccadcb0e4d9;frame-src https://www.googletagmanager.com https://www.google.com https://td.doubleclick.net *.g.doubleclick.net;default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';object-src 'none';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests","directives":{"base-uri":["'self'"],"connect-src":["'self'","*.g.doubleclick.net","*.hubapi.com","analytics.tiktok.com","https://*.analytics.google.com","https://*.google-analytics.com","https://*.googletagmanager.com","https://analytics.google.com","https://bat.bing.com","https://bat.bing.net","https://capig.stape.host","https://conversions-config.reddit.com","https://o4505906584485888.ingest.sentry.io","https://o4505906584485888.ingest.us.sentry.io","https://pixel-config.reddit.com","https://pixel.reddit.com","https://px.ads.linkedin.com","https://region1.analytics.google.com","https://www.google-analytics.com","https://www.google.ad","https://www.google.ae","https://www.google.al","https://www.google.am","https://www.google.as","https://www.google.at","https://www.google.az","https://www.google.ba","https://www.google.be","https://www.google.bf","https://www.google.bg","https://www.google.bi","https://www.google.bj","https://www.google.bs","https://www.google.bt","https://www.google.by","https://www.google.ca","https://www.google.cat","https://www.google.cd","https://www.google.cf","https://www.google.cg","https://www.google.ch","https://www.google.ci","https://www.google.cl","https://www.google.cm","https://www.google.cn","https://www.google.co.ao","https://www.google.co.bw","https://www.google.co.ck","https://www.google.co.cr","https://www.google.co.id","https://www.google.co.il","https://www.google.co.in","https://www.google.co.jp","https://www.google.co.ke","https://www.google.co.kr","https://www.google.co.ls","https://www.google.co.ma","https://www.google.co.mz","https://www.google.co.nz","https://www.google.co.th","https://www.google.co.tz","https://www.google.co.ug","https://www.google.co.uk","https://www.google.co.uz","https://www.google.co.ve","https://www.google.co.vi","https://www.google.co.za","https://www.google.co.zm","https://www.google.co.zw","https://www.google.com","https://www.google.com","https://www.google.com.af","https://www.google.com.ag","https://www.google.com.ar","https://www.google.com.au","https://www.google.com.bd","https://www.google.com.bh","https://www.google.com.bn","https://www.google.com.bo","https://www.google.com.br","https://www.google.com.bz","https://www.google.com.co","https://www.google.com.cu","https://www.google.com.cy","https://www.google.com.do","https://www.google.com.ec","https://www.google.com.eg","https://www.google.com.et","https://www.google.com.fj","https://www.google.com.gh","https://www.google.com.gi","https://www.google.com.gt","https://www.google.com.hk","https://www.google.com.jm","https://www.google.com.kh","https://www.google.com.kw","https://www.google.com.lb","https://www.google.com.ly","https://www.google.com.mm","https://www.google.com.mt","https://www.google.com.mx","https://www.google.com.my","https://www.google.com.na","https://www.google.com.ng","https://www.google.com.ni","https://www.google.com.np","https://www.google.com.om","https://www.google.com.pa","https://www.google.com.pe","https://www.google.com.pg","https://www.google.com.ph","https://www.google.com.pk","https://www.google.com.pr","https://www.google.com.py","https://www.google.com.qa","https://www.google.com.sa","https://www.google.com.sb","https://www.google.com.sg","https://www.google.com.sl","https://www.google.com.sv","https://www.google.com.tj","https://www.google.com.tr","https://www.google.com.tw","https://www.google.com.ua","https://www.google.com.uy","https://www.google.com.vc","https://www.google.com.vn","https://www.google.cv","https://www.google.cz","https://www.google.de","https://www.google.dj","https://www.google.dk","https://www.google.dm","https://www.google.dz","https://www.google.ee","https://www.google.es","https://www.google.fi","https://www.google.fm","https://www.google.fr","https://www.google.ga","https://www.google.ge","https://www.google.gg","https://www.google.gl","https://www.google.gm","https://www.google.gr","https://www.google.gy","https://www.google.hn","https://www.google.hr","https://www.google.ht","https://www.google.hu","https://www.google.ie","https://www.google.im","https://www.google.iq","https://www.google.is","https://www.google.it","https://www.google.je","https://www.google.jo","https://www.google.kg","https://www.google.ki","https://www.google.kz","https://www.google.la","https://www.google.li","https://www.google.lk","https://www.google.lt","https://www.google.lu","https://www.google.lv","https://www.google.md","https://www.google.me","https://www.google.mg","https://www.google.mk","https://www.google.ml","https://www.google.mn","https://www.google.mu","https://www.google.mv","https://www.google.mw","https://www.google.ne","https://www.google.nl","https://www.google.no","https://www.google.nr","https://www.google.nu","https://www.google.pl","https://www.google.pn","https://www.google.ps","https://www.google.pt","https://www.google.ro","https://www.google.rs","https://www.google.ru","https://www.google.rw","https://www.google.sc","https://www.google.se","https://www.google.sh","https://www.google.si","https://www.google.sk","https://www.google.sm","https://www.google.sn","https://www.google.so","https://www.google.sr","https://www.google.st","https://www.google.td","https://www.google.tg","https://www.google.tl","https://www.google.tm","https://www.google.tn","https://www.google.to","https://www.google.tt","https://www.google.vu","https://www.google.ws","https://www.redditstatic.com"],"default-src":["'self'"],"font-src":["'self'","data:","https:"],"form-action":["'self'"],"frame-ancestors":["'self'"],"frame-src":["*.g.doubleclick.net","https://td.doubleclick.net","https://www.google.com","https://www.googletagmanager.com"],"img-src":["'self'","*.g.doubleclick.net","*.google.com","*.googleusercontent.com","*.hubspot.com","analytics.tiktok.com","data:","https://*.analytics.google.com","https://*.google-analytics.com","https://*.googleapis.com","https://*.googletagmanager.com","https://*.gstatic.com","https://alb.reddit.com","https://analytics.google.com","https://analytics.twitter.com","https://avatars.githubusercontent.com","https://bat.bing.com","https://bat.bing.net","https://connect.facebook.net","https://graph.microsoft.com","https://px.ads.linkedin.com","https://px4.ads.linkedin.com","https://static.nebius.com","https://t.co","https://www.facebook.com","https://www.google-analytics.com","https://www.google.ad","https://www.google.ae","https://www.google.al","https://www.google.am","https://www.google.as","https://www.google.at","https://www.google.az","https://www.google.ba","https://www.google.be","https://www.google.bf","https://www.google.bg","https://www.google.bi","https://www.google.bj","https://www.google.bs","https://www.google.bt","https://www.google.by","https://www.google.ca","https://www.google.cat","https://www.google.cd","https://www.google.cf","https://www.google.cg","https://www.google.ch","https://www.google.ci","https://www.google.cl","https://www.google.cm","https://www.google.cn","https://www.google.co.ao","https://www.google.co.bw","https://www.google.co.ck","https://www.google.co.cr","https://www.google.co.id","https://www.google.co.il","https://www.google.co.in","https://www.google.co.jp","https://www.google.co.ke","https://www.google.co.kr","https://www.google.co.ls","https://www.google.co.ma","https://www.google.co.mz","https://www.google.co.nz","https://www.google.co.th","https://www.google.co.tz","https://www.google.co.ug","https://www.google.co.uk","https://www.google.co.uz","https://www.google.co.ve","https://www.google.co.vi","https://www.google.co.za","https://www.google.co.zm","https://www.google.co.zw","https://www.google.com","https://www.google.com.af","https://www.google.com.ag","https://www.google.com.ar","https://www.google.com.au","https://www.google.com.bd","https://www.google.com.bh","https://www.google.com.bn","https://www.google.com.bo","https://www.google.com.br","https://www.google.com.bz","https://www.google.com.co","https://www.google.com.cu","https://www.google.com.cy","https://www.google.com.do","https://www.google.com.ec","https://www.google.com.eg","https://www.google.com.et","https://www.google.com.fj","https://www.google.com.gh","https://www.google.com.gi","https://www.google.com.gt","https://www.google.com.hk","https://www.google.com.jm","https://www.google.com.kh","https://www.google.com.kw","https://www.google.com.lb","https://www.google.com.ly","https://www.google.com.mm","https://www.google.com.mt","https://www.google.com.mx","https://www.google.com.my","https://www.google.com.na","https://www.google.com.ng","https://www.google.com.ni","https://www.google.com.np","https://www.google.com.om","https://www.google.com.pa","https://www.google.com.pe","https://www.google.com.pg","https://www.google.com.ph","https://www.google.com.pk","https://www.google.com.pr","https://www.google.com.py","https://www.google.com.qa","https://www.google.com.sa","https://www.google.com.sb","https://www.google.com.sg","https://www.google.com.sl","https://www.google.com.sv","https://www.google.com.tj","https://www.google.com.tr","https://www.google.com.tw","https://www.google.com.ua","https://www.google.com.uy","https://www.google.com.vc","https://www.google.com.vn","https://www.google.cv","https://www.google.cz","https://www.google.de","https://www.google.dj","https://www.google.dk","https://www.google.dm","https://www.google.dz","https://www.google.ee","https://www.google.es","https://www.google.fi","https://www.google.fm","https://www.google.fr","https://www.google.ga","https://www.google.ge","https://www.google.gg","https://www.google.gl","https://www.google.gm","https://www.google.gr","https://www.google.gy","https://www.google.hn","https://www.google.hr","https://www.google.ht","https://www.google.hu","https://www.google.ie","https://www.google.im","https://www.google.iq","https://www.google.is","https://www.google.it","https://www.google.je","https://www.google.jo","https://www.google.kg","https://www.google.ki","https://www.google.kz","https://www.google.la","https://www.google.li","https://www.google.lk","https://www.google.lt","https://www.google.lu","https://www.google.lv","https://www.google.md","https://www.google.me","https://www.google.mg","https://www.google.mk","https://www.google.ml","https://www.google.mn","https://www.google.mu","https://www.google.mv","https://www.google.mw","https://www.google.ne","https://www.google.nl","https://www.google.no","https://www.google.nr","https://www.google.nu","https://www.google.pl","https://www.google.pn","https://www.google.ps","https://www.google.pt","https://www.google.ro","https://www.google.rs","https://www.google.ru","https://www.google.rw","https://www.google.sc","https://www.google.se","https://www.google.sh","https://www.google.si","https://www.google.sk","https://www.google.sm","https://www.google.sn","https://www.google.so","https://www.google.sr","https://www.google.st","https://www.google.td","https://www.google.tg","https://www.google.tl","https://www.google.tm","https://www.google.tn","https://www.google.to","https://www.google.tt","https://www.google.vu","https://www.google.ws","https://www.googletagmanager.com","static.nebius.com"],"object-src":["'none'"],"report-uri":["https://o4505906584485888.ingest.us.sentry.io/api/4506303150686208/security/?sentry_key=97557f85d9a8cd79be25cccadcb0e4d9"],"script-src":["'nonce-7O/qJvatD+EdCUZQEuhPdo0VMoROpX+MWMqWfQIVDEg='","'self'","'strict-dynamic'","https://*.googletagmanager.com","https://snap.licdn.com/","https://static.nebius.com","https://www.google-analytics.com/","https://www.googletagmanager.com/","https://www.redditstatic.com/"],"script-src-attr":["'none'"],"style-src":["'self'","'unsafe-inline'","https:"],"upgrade-insecure-requests":[]},"directiveOrder":["script-src","img-src","connect-src","report-uri","frame-src","default-src","base-uri","font-src","form-action","frame-ancestors","object-src","script-src-attr","style-src","upgrade-insecure-requests"],"disposition":"enforce","delivery":"header","sourceMapping":{"'nonce-7O/qJvatD+EdCUZQEuhPdo0VMoROpX+MWMqWfQIVDEg='":"nonce-source","'none'":"keyword-source","'self'":"keyword-source","'strict-dynamic'":"keyword-source","'unsafe-inline'":"keyword-source","*.g.doubleclick.net":"host-source","*.google.com":"host-source","*.googleusercontent.com":"host-source","*.hubapi.com":"host-source","*.hubspot.com":"host-source","analytics.tiktok.com":"host-source","data:":"scheme-source","https:":"scheme-source","https://*.analytics.google.com":"host-source","https://*.google-analytics.com":"host-source","https://*.googleapis.com":"host-source","https://*.googletagmanager.com":"host-source","https://*.gstatic.com":"host-source","https://alb.reddit.com":"host-source","https://analytics.google.com":"host-source","https://analytics.twitter.com":"host-source","https://avatars.githubusercontent.com":"host-source","https://bat.bing.com":"host-source","https://bat.bing.net":"host-source","https://capig.stape.host":"host-source","https://connect.facebook.net":"host-source","https://conversions-config.reddit.com":"host-source","https://graph.microsoft.com":"host-source","https://o4505906584485888.ingest.sentry.io":"host-source","https://o4505906584485888.ingest.us.sentry.io":"host-source","https://o4505906584485888.ingest.us.sentry.io/api/4506303150686208/security/?sentry_key=97557f85d9a8cd79be25cccadcb0e4d9":"host-source","https://pixel-config.reddit.com":"host-source","https://pixel.reddit.com":"host-source","https://px.ads.linkedin.com":"host-source","https://px4.ads.linkedin.com":"host-source","https://region1.analytics.google.com":"host-source","https://snap.licdn.com/":"host-source","https://static.nebius.com":"host-source","https://t.co":"host-source","https://td.doubleclick.net":"host-source","https://www.facebook.com":"host-source","https://www.google-analytics.com":"host-source","https://www.google-analytics.com/":"host-source","https://www.google.ad":"host-source","https://www.google.ae":"host-source","https://www.google.al":"host-source","https://www.google.am":"host-source","https://www.google.as":"host-source","https://www.google.at":"host-source","https://www.google.az":"host-source","https://www.google.ba":"host-source","https://www.google.be":"host-source","https://www.google.bf":"host-source","https://www.google.bg":"host-source","https://www.google.bi":"host-source","https://www.google.bj":"host-source","https://www.google.bs":"host-source","https://www.google.bt":"host-source","https://www.google.by":"host-source","https://www.google.ca":"host-source","https://www.google.cat":"host-source","https://www.google.cd":"host-source","https://www.google.cf":"host-source","https://www.google.cg":"host-source","https://www.google.ch":"host-source","https://www.google.ci":"host-source","https://www.google.cl":"host-source","https://www.google.cm":"host-source","https://www.google.cn":"host-source","https://www.google.co.ao":"host-source","https://www.google.co.bw":"host-source","https://www.google.co.ck":"host-source","https://www.google.co.cr":"host-source","https://www.google.co.id":"host-source","https://www.google.co.il":"host-source","https://www.google.co.in":"host-source","https://www.google.co.jp":"host-source","https://www.google.co.ke":"host-source","https://www.google.co.kr":"host-source","https://www.google.co.ls":"host-source","https://www.google.co.ma":"host-source","https://www.google.co.mz":"host-source","https://www.google.co.nz":"host-source","https://www.google.co.th":"host-source","https://www.google.co.tz":"host-source","https://www.google.co.ug":"host-source","https://www.google.co.uk":"host-source","https://www.google.co.uz":"host-source","https://www.google.co.ve":"host-source","https://www.google.co.vi":"host-source","https://www.google.co.za":"host-source","https://www.google.co.zm":"host-source","https://www.google.co.zw":"host-source","https://www.google.com":"host-source","https://www.google.com.af":"host-source","https://www.google.com.ag":"host-source","https://www.google.com.ar":"host-source","https://www.google.com.au":"host-source","https://www.google.com.bd":"host-source","https://www.google.com.bh":"host-source","https://www.google.com.bn":"host-source","https://www.google.com.bo":"host-source","https://www.google.com.br":"host-source","https://www.google.com.bz":"host-source","https://www.google.com.co":"host-source","https://www.google.com.cu":"host-source","https://www.google.com.cy":"host-source","https://www.google.com.do":"host-source","https://www.google.com.ec":"host-source","https://www.google.com.eg":"host-source","https://www.google.com.et":"host-source","https://www.google.com.fj":"host-source","https://www.google.com.gh":"host-source","https://www.google.com.gi":"host-source","https://www.google.com.gt":"host-source","https://www.google.com.hk":"host-source","https://www.google.com.jm":"host-source","https://www.google.com.kh":"host-source","https://www.google.com.kw":"host-source","https://www.google.com.lb":"host-source","https://www.google.com.ly":"host-source","https://www.google.com.mm":"host-source","https://www.google.com.mt":"host-source","https://www.google.com.mx":"host-source","https://www.google.com.my":"host-source","https://www.google.com.na":"host-source","https://www.google.com.ng":"host-source","https://www.google.com.ni":"host-source","https://www.google.com.np":"host-source","https://www.google.com.om":"host-source","https://www.google.com.pa":"host-source","https://www.google.com.pe":"host-source","https://www.google.com.pg":"host-source","https://www.google.com.ph":"host-source","https://www.google.com.pk":"host-source","https://www.google.com.pr":"host-source","https://www.google.com.py":"host-source","https://www.google.com.qa":"host-source","https://www.google.com.sa":"host-source","https://www.google.com.sb":"host-source","https://www.google.com.sg":"host-source","https://www.google.com.sl":"host-source","https://www.google.com.sv":"host-source","https://www.google.com.tj":"host-source","https://www.google.com.tr":"host-source","https://www.google.com.tw":"host-source","https://www.google.com.ua":"host-source","https://www.google.com.uy":"host-source","https://www.google.com.vc":"host-source","https://www.google.com.vn":"host-source","https://www.google.cv":"host-source","https://www.google.cz":"host-source","https://www.google.de":"host-source","https://www.google.dj":"host-source","https://www.google.dk":"host-source","https://www.google.dm":"host-source","https://www.google.dz":"host-source","https://www.google.ee":"host-source","https://www.google.es":"host-source","https://www.google.fi":"host-source","https://www.google.fm":"host-source","https://www.google.fr":"host-source","https://www.google.ga":"host-source","https://www.google.ge":"host-source","https://www.google.gg":"host-source","https://www.google.gl":"host-source","https://www.google.gm":"host-source","https://www.google.gr":"host-source","https://www.google.gy":"host-source","https://www.google.hn":"host-source","https://www.google.hr":"host-source","https://www.google.ht":"host-source","https://www.google.hu":"host-source","https://www.google.ie":"host-source","https://www.google.im":"host-source","https://www.google.iq":"host-source","https://www.google.is":"host-source","https://www.google.it":"host-source","https://www.google.je":"host-source","https://www.google.jo":"host-source","https://www.google.kg":"host-source","https://www.google.ki":"host-source","https://www.google.kz":"host-source","https://www.google.la":"host-source","https://www.google.li":"host-source","https://www.google.lk":"host-source","https://www.google.lt":"host-source","https://www.google.lu":"host-source","https://www.google.lv":"host-source","https://www.google.md":"host-source","https://www.google.me":"host-source","https://www.google.mg":"host-source","https://www.google.mk":"host-source","https://www.google.ml":"host-source","https://www.google.mn":"host-source","https://www.google.mu":"host-source","https://www.google.mv":"host-source","https://www.google.mw":"host-source","https://www.google.ne":"host-source","https://www.google.nl":"host-source","https://www.google.no":"host-source","https://www.google.nr":"host-source","https://www.google.nu":"host-source","https://www.google.pl":"host-source","https://www.google.pn":"host-source","https://www.google.ps":"host-source","https://www.google.pt":"host-source","https://www.google.ro":"host-source","https://www.google.rs":"host-source","https://www.google.ru":"host-source","https://www.google.rw":"host-source","https://www.google.sc":"host-source","https://www.google.se":"host-source","https://www.google.sh":"host-source","https://www.google.si":"host-source","https://www.google.sk":"host-source","https://www.google.sm":"host-source","https://www.google.sn":"host-source","https://www.google.so":"host-source","https://www.google.sr":"host-source","https://www.google.st":"host-source","https://www.google.td":"host-source","https://www.google.tg":"host-source","https://www.google.tl":"host-source","https://www.google.tm":"host-source","https://www.google.tn":"host-source","https://www.google.to":"host-source","https://www.google.tt":"host-source","https://www.google.vu":"host-source","https://www.google.ws":"host-source","https://www.googletagmanager.com":"host-source","https://www.googletagmanager.com/":"host-source","https://www.redditstatic.com":"host-source","https://www.redditstatic.com/":"host-source","static.nebius.com":"host-source"}},"disposition":"enforce","source":"header","policies":["default-src 'self'; script-src 'nonce-7O/qJvatD+EdCUZQEuhPdo0VMoROpX+MWMqWfQIVDEg=' 'self' 'strict-dynamic' https://*.googletagmanager.com https://snap.licdn.com/ https://static.nebius.com https://www.google-analytics.com/ https://www.googletagmanager.com/ https://www.redditstatic.com/; script-src-attr 'none'; style-src 'self' 'unsafe-inline' https:; object-src 'none'; base-uri 'self'; connect-src 'self' *.g.doubleclick.net *.hubapi.com analytics.tiktok.com https://*.analytics.google.com https://*.google-analytics.com https://*.googletagmanager.com https://analytics.google.com https://bat.bing.com https://bat.bing.net https://capig.stape.host https://conversions-config.reddit.com https://o4505906584485888.ingest.sentry.io https://o4505906584485888.ingest.us.sentry.io https://pixel-config.reddit.com https://pixel.reddit.com https://px.ads.linkedin.com https://region1.analytics.google.com https://www.google-analytics.com https://www.google.ad https://www.google.ae https://www.google.al https://www.google.am https://www.google.as https://www.google.at https://www.google.az https://www.google.ba https://www.google.be https://www.google.bf https://www.google.bg https://www.google.bi https://www.google.bj https://www.google.bs https://www.google.bt https://www.google.by https://www.google.ca https://www.google.cat https://www.google.cd https://www.google.cf https://www.google.cg https://www.google.ch https://www.google.ci https://www.google.cl https://www.google.cm https://www.google.cn https://www.google.co.ao https://www.google.co.bw https://www.google.co.ck https://www.google.co.cr https://www.google.co.id https://www.google.co.il https://www.google.co.in https://www.google.co.jp https://www.google.co.ke https://www.google.co.kr https://www.google.co.ls https://www.google.co.ma https://www.google.co.mz https://www.google.co.nz https://www.google.co.th https://www.google.co.tz https://www.google.co.ug https://www.google.co.uk https://www.google.co.uz https://www.google.co.ve https://www.google.co.vi https://www.google.co.za https://www.google.co.zm https://www.google.co.zw https://www.google.com https://www.google.com.af https://www.google.com.ag https://www.google.com.ar https://www.google.com.au https://www.google.com.bd https://www.google.com.bh https://www.google.com.bn https://www.google.com.bo https://www.google.com.br https://www.google.com.bz https://www.google.com.co https://www.google.com.cu https://www.google.com.cy https://www.google.com.do https://www.google.com.ec https://www.google.com.eg https://www.google.com.et https://www.google.com.fj https://www.google.com.gh https://www.google.com.gi https://www.google.com.gt https://www.google.com.hk https://www.google.com.jm https://www.google.com.kh https://www.google.com.kw https://www.google.com.lb https://www.google.com.ly https://www.google.com.mm https://www.google.com.mt https://www.google.com.mx https://www.google.com.my https://www.google.com.na https://www.google.com.ng https://www.google.com.ni https://www.google.com.np https://www.google.com.om https://www.google.com.pa https://www.google.com.pe https://www.google.com.pg https://www.google.com.ph https://www.google.com.pk https://www.google.com.pr https://www.google.com.py https://www.google.com.qa https://www.google.com.sa https://www.google.com.sb https://www.google.com.sg https://www.google.com.sl https://www.google.com.sv https://www.google.com.tj https://www.google.com.tr https://www.google.com.tw https://www.google.com.ua https://www.google.com.uy https://www.google.com.vc https://www.google.com.vn https://www.google.cv https://www.google.cz https://www.google.de https://www.google.dj https://www.google.dk https://www.google.dm https://www.google.dz https://www.google.ee https://www.google.es https://www.google.fi https://www.google.fm https://www.google.fr https://www.google.ga https://www.google.ge https://www.google.gg https://www.google.gl https://www.google.gm https://www.google.gr https://www.google.gy https://www.google.hn https://www.google.hr https://www.google.ht https://www.google.hu https://www.google.ie https://www.google.im https://www.google.iq https://www.google.is https://www.google.it https://www.google.je https://www.google.jo https://www.google.kg https://www.google.ki https://www.google.kz https://www.google.la https://www.google.li https://www.google.lk https://www.google.lt https://www.google.lu https://www.google.lv https://www.google.md https://www.google.me https://www.google.mg https://www.google.mk https://www.google.ml https://www.google.mn https://www.google.mu https://www.google.mv https://www.google.mw https://www.google.ne https://www.google.nl https://www.google.no https://www.google.nr https://www.google.nu https://www.google.pl https://www.google.pn https://www.google.ps https://www.google.pt https://www.google.ro https://www.google.rs https://www.google.ru https://www.google.rw https://www.google.sc https://www.google.se https://www.google.sh https://www.google.si https://www.google.sk https://www.google.sm https://www.google.sn https://www.google.so https://www.google.sr https://www.google.st https://www.google.td https://www.google.tg https://www.google.tl https://www.google.tm https://www.google.tn https://www.google.to https://www.google.tt https://www.google.vu https://www.google.ws https://www.redditstatic.com; font-src 'self' data: https:; form-action 'self'; frame-ancestors 'self'; frame-src *.g.doubleclick.net https://td.doubleclick.net https://www.google.com https://www.googletagmanager.com; img-src 'self' *.g.doubleclick.net *.google.com *.googleusercontent.com *.hubspot.com analytics.tiktok.com data: https://*.analytics.google.com https://*.google-analytics.com https://*.googleapis.com https://*.googletagmanager.com https://*.gstatic.com https://alb.reddit.com https://analytics.google.com https://analytics.twitter.com https://avatars.githubusercontent.com https://bat.bing.com https://bat.bing.net https://connect.facebook.net https://graph.microsoft.com https://px.ads.linkedin.com https://px4.ads.linkedin.com https://static.nebius.com https://t.co https://www.facebook.com https://www.google-analytics.com https://www.google.ad https://www.google.ae https://www.google.al https://www.google.am https://www.google.as https://www.google.at https://www.google.az https://www.google.ba https://www.google.be https://www.google.bf https://www.google.bg https://www.google.bi https://www.google.bj https://www.google.bs https://www.google.bt https://www.google.by https://www.google.ca https://www.google.cat https://www.google.cd https://www.google.cf https://www.google.cg https://www.google.ch https://www.google.ci https://www.google.cl https://www.google.cm https://www.google.cn https://www.google.co.ao https://www.google.co.bw https://www.google.co.ck https://www.google.co.cr https://www.google.co.id https://www.google.co.il https://www.google.co.in https://www.google.co.jp https://www.google.co.ke https://www.google.co.kr https://www.google.co.ls https://www.google.co.ma https://www.google.co.mz https://www.google.co.nz https://www.google.co.th https://www.google.co.tz https://www.google.co.ug https://www.google.co.uk https://www.google.co.uz https://www.google.co.ve https://www.google.co.vi https://www.google.co.za https://www.google.co.zm https://www.google.co.zw https://www.google.com https://www.google.com.af https://www.google.com.ag https://www.google.com.ar https://www.google.com.au https://www.google.com.bd https://www.google.com.bh https://www.google.com.bn https://www.google.com.bo https://www.google.com.br https://www.google.com.bz https://www.google.com.co https://www.google.com.cu https://www.google.com.cy https://www.google.com.do https://www.google.com.ec https://www.google.com.eg https://www.google.com.et https://www.google.com.fj https://www.google.com.gh https://www.google.com.gi https://www.google.com.gt https://www.google.com.hk https://www.google.com.jm https://www.google.com.kh https://www.google.com.kw https://www.google.com.lb https://www.google.com.ly https://www.google.com.mm https://www.google.com.mt https://www.google.com.mx https://www.google.com.my https://www.google.com.na https://www.google.com.ng https://www.google.com.ni https://www.google.com.np https://www.google.com.om https://www.google.com.pa https://www.google.com.pe https://www.google.com.pg https://www.google.com.ph https://www.google.com.pk https://www.google.com.pr https://www.google.com.py https://www.google.com.qa https://www.google.com.sa https://www.google.com.sb https://www.google.com.sg https://www.google.com.sl https://www.google.com.sv https://www.google.com.tj https://www.google.com.tr https://www.google.com.tw https://www.google.com.ua https://www.google.com.uy https://www.google.com.vc https://www.google.com.vn https://www.google.cv https://www.google.cz https://www.google.de https://www.google.dj https://www.google.dk https://www.google.dm https://www.google.dz https://www.google.ee https://www.google.es https://www.google.fi https://www.google.fm https://www.google.fr https://www.google.ga https://www.google.ge https://www.google.gg https://www.google.gl https://www.google.gm https://www.google.gr https://www.google.gy https://www.google.hn https://www.google.hr https://www.google.ht https://www.google.hu https://www.google.ie https://www.google.im https://www.google.iq https://www.google.is https://www.google.it https://www.google.je https://www.google.jo https://www.google.kg https://www.google.ki https://www.google.kz https://www.google.la https://www.google.li https://www.google.lk https://www.google.lt https://www.google.lu https://www.google.lv https://www.google.md https://www.google.me https://www.google.mg https://www.google.mk https://www.google.ml https://www.google.mn https://www.google.mu https://www.google.mv https://www.google.mw https://www.google.ne https://www.google.nl https://www.google.no https://www.google.nr https://www.google.nu https://www.google.pl https://www.google.pn https://www.google.ps https://www.google.pt https://www.google.ro https://www.google.rs https://www.google.ru https://www.google.rw https://www.google.sc https://www.google.se https://www.google.sh https://www.google.si https://www.google.sk https://www.google.sm https://www.google.sn https://www.google.so https://www.google.sr https://www.google.st https://www.google.td https://www.google.tg https://www.google.tl https://www.google.tm https://www.google.tn https://www.google.to https://www.google.tt https://www.google.vu https://www.google.ws https://www.googletagmanager.com static.nebius.com; report-uri https://o4505906584485888.ingest.us.sentry.io/api/4506303150686208/security/?sentry_key=97557f85d9a8cd79be25cccadcb0e4d9; upgrade-insecure-requests ;"],"stats":{"totalHigh":0,"totalMedium":6,"totalLow":117,"totalInfo":0},"recommendations":[{"title":"Wildcard in origin for sensitive directive","severity":"MEDIUM","directive":"script-src","source":"https://*.googletagmanager.com","message":"It's best to minimize the locations from where sensitive content can be loaded from. A wildcard in a domain can open up the possibility of a number of tricky attacks including JSONP, redirects, insecure libs and more.","recommendation":"Restrict domains to the host if possible.","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Missing path on source for sensitive directive","severity":"MEDIUM","directive":"script-src","source":"https://snap.licdn.com/","message":"For sensitive directives, it's best to explicitly define the resource (including the path). This will help minimize attacks such as JSONP, redirects and other CSP bypasses.","recommendation":"For sensitive resources, explicitly define the full paths.","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Missing path on source for sensitive directive","severity":"MEDIUM","directive":"script-src","source":"https://static.nebius.com","message":"For sensitive directives, it's best to explicitly define the resource (including the path). This will help minimize attacks such as JSONP, redirects and other CSP bypasses.","recommendation":"For sensitive resources, explicitly define the full paths.","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Missing path on source for sensitive directive","severity":"MEDIUM","directive":"script-src","source":"https://www.google-analytics.com/","message":"For sensitive directives, it's best to explicitly define the resource (including the path). This will help minimize attacks such as JSONP, redirects and other CSP bypasses.","recommendation":"For sensitive resources, explicitly define the full paths.","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Missing path on source for sensitive directive","severity":"MEDIUM","directive":"script-src","source":"https://www.googletagmanager.com/","message":"For sensitive directives, it's best to explicitly define the resource (including the path). This will help minimize attacks such as JSONP, redirects and other CSP bypasses.","recommendation":"For sensitive resources, explicitly define the full paths.","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Missing path on source for sensitive directive","severity":"MEDIUM","directive":"script-src","source":"https://www.redditstatic.com/","message":"For sensitive directives, it's best to explicitly define the resource (including the path). This will help minimize attacks such as JSONP, redirects and other CSP bypasses.","recommendation":"For sensitive resources, explicitly define the full paths.","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Unsafe usage of unsafe-inline on style-src","severity":"LOW","directive":"style-src","source":"'unsafe-inline'","message":"Using 'unsafe-inline' on style-src allows injection of CSS. This potentially leaves the website open to styling attacks and complex info leaks.","recommendation":"Remove 'unsafe-inline' from the style-src. This might require some refactoring.","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Duplicate or unnecessary source","severity":"LOW","directive":"connect-src","source":"https://www.google.cat","message":"This source is repeated or unnecessary","recommendation":"Consider moving the extra source","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Duplicate or unnecessary source","severity":"LOW","directive":"connect-src","source":"https://www.google.com.af","message":"This source is repeated or unnecessary","recommendation":"Consider moving the extra source","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Duplicate or unnecessary source","severity":"LOW","directive":"connect-src","source":"https://www.google.com.ag","message":"This source is repeated or unnecessary","recommendation":"Consider moving the extra source","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Duplicate or unnecessary source","severity":"LOW","directive":"connect-src","source":"https://www.google.com.ar","message":"This source is repeated or unnecessary","recommendation":"Consider moving the extra source","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Duplicate or unnecessary source","severity":"LOW","directive":"connect-src","source":"https://www.google.com.au","message":"This source is repeated or unnecessary","recommendation":"Consider moving the extra source","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Duplicate or unnecessary source","severity":"LOW","directive":"connect-src","source":"https://www.google.com.bd","message":"This source is repeated or unnecessary","recommendation":"Consider moving the extra source","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Duplicate or unnecessary source","severity":"LOW","directive":"connect-src","source":"https://www.google.com.bh","message":"This source is repeated or unnecessary","recommendation":"Consider moving the extra source","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Duplicate or unnecessary source","severity":"LOW","directive":"connect-src","source":"https://www.google.com.bn","message":"This source is repeated or unnecessary","recommendation":"Consider moving the extra source","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Duplicate or unnecessary source","severity":"LOW","directive":"connect-src","source":"https://www.google.com.bo","message":"This source is repeated or unnecessary","recommendation":"Consider moving the extra source","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Duplicate or unnecessary source","severity":"LOW","directive":"connect-src","source":"https://www.google.com.br","message":"This source is repeated or unnecessary","recommendation":"Consider moving the extra source","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Duplicate or unnecessary source","severity":"LOW","directive":"connect-src","source":"https://www.google.com.bz","message":"This source is repeated or unnecessary","recommendation":"Consider moving the extra source","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Duplicate or unnecessary source","severity":"LOW","directive":"connect-src","source":"https://www.google.com.co","message":"This source is repeated or unnecessary","recommendation":"Consider moving the extra source","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Duplicate or unnecessary source","severity":"LOW","directive":"connect-src","source":"https://www.google.com.cu","message":"This source is repeated or unnecessary","recommendation":"Consider moving the extra source","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Duplicate or unnecessary source","severity":"LOW","directive":"connect-src","source":"https://www.google.com.cy","message":"This source is repeated or unnecessary","recommendation":"Consider moving the extra source","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Duplicate or unnecessary source","severity":"LOW","directive":"connect-src","source":"https://www.google.com.do","message":"This source is repeated or unnecessary","recommendation":"Consider moving the extra source","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Duplicate or unnecessary source","severity":"LOW","directive":"connect-src","source":"https://www.google.com.ec","message":"This source is repeated or unnecessary","recommendation":"Consider moving the extra source","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Duplicate or unnecessary source","severity":"LOW","directive":"connect-src","source":"https://www.google.com.eg","message":"This source is repeated or unnecessary","recommendation":"Consider moving the extra source","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Duplicate or unnecessary source","severity":"LOW","directive":"connect-src","source":"https://www.google.com.et","message":"This source is repeated or unnecessary","recommendation":"Consider moving the extra source","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Duplicate or unnecessary source","severity":"LOW","directive":"connect-src","source":"https://www.google.com.fj","message":"This source is repeated or unnecessary","recommendation":"Consider moving the extra source","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Duplicate or unnecessary source","severity":"LOW","directive":"connect-src","source":"https://www.google.com.gh","message":"This source is repeated or unnecessary","recommendation":"Consider moving the extra source","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Duplicate or unnecessary source","severity":"LOW","directive":"connect-src","source":"https://www.google.com.gi","message":"This source is repeated or unnecessary","recommendation":"Consider moving the extra source","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Duplicate or unnecessary source","severity":"LOW","directive":"connect-src","source":"https://www.google.com.gt","message":"This source is repeated or unnecessary","recommendation":"Consider moving the extra source","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Duplicate or unnecessary source","severity":"LOW","directive":"connect-src","source":"https://www.google.com.hk","message":"This source is repeated or unnecessary","recommendation":"Consider moving the extra source","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Duplicate or unnecessary source","severity":"LOW","directive":"connect-src","source":"https://www.google.com.jm","message":"This source is repeated or unnecessary","recommendation":"Consider moving the extra source","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Duplicate or unnecessary source","severity":"LOW","directive":"connect-src","source":"https://www.google.com.kh","message":"This source is repeated or unnecessary","recommendation":"Consider moving the extra source","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Duplicate or unnecessary source","severity":"LOW","directive":"connect-src","source":"https://www.google.com.kw","message":"This source is repeated or unnecessary","recommendation":"Consider moving the extra source","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Duplicate or unnecessary source","severity":"LOW","directive":"connect-src","source":"https://www.google.com.lb","message":"This source is repeated or unnecessary","recommendation":"Consider moving the extra source","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Duplicate or unnecessary source","severity":"LOW","directive":"connect-src","source":"https://www.google.com.ly","message":"This source is repeated or unnecessary","recommendation":"Consider moving the extra source","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Duplicate or unnecessary source","severity":"LOW","directive":"connect-src","source":"https://www.google.com.mm","message":"This source is repeated or unnecessary","recommendation":"Consider moving the extra source","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Duplicate or unnecessary source","severity":"LOW","directive":"connect-src","source":"https://www.google.com.mt","message":"This source is repeated or unnecessary","recommendation":"Consider moving the extra source","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Duplicate or unnecessary source","severity":"LOW","directive":"connect-src","source":"https://www.google.com.mx","message":"This source is repeated or unnecessary","recommendation":"Consider moving the extra source","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Duplicate or unnecessary source","severity":"LOW","directive":"connect-src","source":"https://www.google.com.my","message":"This source is repeated or unnecessary","recommendation":"Consider moving the extra source","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Duplicate or unnecessary source","severity":"LOW","directive":"connect-src","source":"https://www.google.com.na","message":"This source is repeated or unnecessary","recommendation":"Consider moving the extra source","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Duplicate or unnecessary source","severity":"LOW","directive":"connect-src","source":"https://www.google.com.ng","message":"This source is repeated or unnecessary","recommendation":"Consider moving the extra source","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Duplicate or unnecessary source","severity":"LOW","directive":"connect-src","source":"https://www.google.com.ni","message":"This source is repeated or unnecessary","recommendation":"Consider moving the extra source","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Duplicate or unnecessary source","severity":"LOW","directive":"connect-src","source":"https://www.google.com.np","message":"This source is repeated or unnecessary","recommendation":"Consider moving the extra source","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Duplicate or unnecessary source","severity":"LOW","directive":"connect-src","source":"https://www.google.com.om","message":"This source is repeated or unnecessary","recommendation":"Consider moving the extra source","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Duplicate or unnecessary source","severity":"LOW","directive":"connect-src","source":"https://www.google.com.pa","message":"This source is repeated or unnecessary","recommendation":"Consider moving the extra source","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Duplicate or unnecessary source","severity":"LOW","directive":"connect-src","source":"https://www.google.com.pe","message":"This source is repeated or unnecessary","recommendation":"Consider moving the extra source","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Duplicate or unnecessary source","severity":"LOW","directive":"connect-src","source":"https://www.google.com.pg","message":"This source is repeated or unnecessary","recommendation":"Consider moving the extra source","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Duplicate or unnecessary source","severity":"LOW","directive":"connect-src","source":"https://www.google.com.ph","message":"This source is repeated or unnecessary","recommendation":"Consider moving the extra source","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Duplicate or unnecessary source","severity":"LOW","directive":"connect-src","source":"https://www.google.com.pk","message":"This source is repeated or unnecessary","recommendation":"Consider moving the extra source","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Duplicate or unnecessary source","severity":"LOW","directive":"connect-src","source":"https://www.google.com.pr","message":"This source is repeated or unnecessary","recommendation":"Consider moving the extra source","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Duplicate or unnecessary source","severity":"LOW","directive":"connect-src","source":"https://www.google.com.py","message":"This source is repeated or unnecessary","recommendation":"Consider moving the extra source","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Duplicate or unnecessary source","severity":"LOW","directive":"connect-src","source":"https://www.google.com.qa","message":"This source is repeated or unnecessary","recommendation":"Consider moving the extra source","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Duplicate or unnecessary source","severity":"LOW","directive":"connect-src","source":"https://www.google.com.sa","message":"This source is repeated or unnecessary","recommendation":"Consider moving the extra source","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Duplicate or unnecessary source","severity":"LOW","directive":"connect-src","source":"https://www.google.com.sb","message":"This source is repeated or unnecessary","recommendation":"Consider moving the extra source","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Duplicate or unnecessary source","severity":"LOW","directive":"connect-src","source":"https://www.google.com.sg","message":"This source is repeated or unnecessary","recommendation":"Consider moving the extra source","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Duplicate or unnecessary source","severity":"LOW","directive":"connect-src","source":"https://www.google.com.sl","message":"This source is repeated or unnecessary","recommendation":"Consider moving the extra source","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Duplicate or unnecessary source","severity":"LOW","directive":"connect-src","source":"https://www.google.com.sv","message":"This source is repeated or unnecessary","recommendation":"Consider moving the extra source","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Duplicate or unnecessary source","severity":"LOW","directive":"connect-src","source":"https://www.google.com.tj","message":"This source is repeated or unnecessary","recommendation":"Consider moving the extra source","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Duplicate or unnecessary source","severity":"LOW","directive":"connect-src","source":"https://www.google.com.tr","message":"This source is repeated or unnecessary","recommendation":"Consider moving the extra source","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Duplicate or unnecessary source","severity":"LOW","directive":"connect-src","source":"https://www.google.com.tw","message":"This source is repeated or unnecessary","recommendation":"Consider moving the extra source","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Duplicate or unnecessary source","severity":"LOW","directive":"connect-src","source":"https://www.google.com.ua","message":"This source is repeated or unnecessary","recommendation":"Consider moving the extra source","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Duplicate or unnecessary source","severity":"LOW","directive":"connect-src","source":"https://www.google.com.uy","message":"This source is repeated or unnecessary","recommendation":"Consider moving the extra source","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Duplicate or unnecessary source","severity":"LOW","directive":"connect-src","source":"https://www.google.com.vc","message":"This source is repeated or unnecessary","recommendation":"Consider moving the extra source","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Duplicate or unnecessary source","severity":"LOW","directive":"connect-src","source":"https://www.google.com.vn","message":"This source is repeated or unnecessary","recommendation":"Consider moving the extra source","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Duplicate or unnecessary source","severity":"LOW","directive":"img-src","source":"https://www.google.cat","message":"This source is repeated or unnecessary","recommendation":"Consider moving the extra source","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Duplicate or unnecessary source","severity":"LOW","directive":"img-src","source":"https://www.google.com.af","message":"This source is repeated or unnecessary","recommendation":"Consider moving the extra source","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Duplicate or unnecessary source","severity":"LOW","directive":"img-src","source":"https://www.google.com.ag","message":"This source is repeated or unnecessary","recommendation":"Consider moving the extra source","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Duplicate or unnecessary source","severity":"LOW","directive":"img-src","source":"https://www.google.com.ar","message":"This source is repeated or unnecessary","recommendation":"Consider moving the extra source","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Duplicate or unnecessary source","severity":"LOW","directive":"img-src","source":"https://www.google.com.au","message":"This source is repeated or unnecessary","recommendation":"Consider moving the extra source","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Duplicate or unnecessary source","severity":"LOW","directive":"img-src","source":"https://www.google.com.bd","message":"This source is repeated or unnecessary","recommendation":"Consider moving the extra source","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Duplicate or unnecessary source","severity":"LOW","directive":"img-src","source":"https://www.google.com.bh","message":"This source is repeated or unnecessary","recommendation":"Consider moving the extra source","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Duplicate or unnecessary source","severity":"LOW","directive":"img-src","source":"https://www.google.com.bn","message":"This source is repeated or unnecessary","recommendation":"Consider moving the extra source","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Duplicate or unnecessary source","severity":"LOW","directive":"img-src","source":"https://www.google.com.bo","message":"This source is repeated or unnecessary","recommendation":"Consider moving the extra source","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Duplicate or unnecessary source","severity":"LOW","directive":"img-src","source":"https://www.google.com.br","message":"This source is repeated or unnecessary","recommendation":"Consider moving the extra source","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Duplicate or unnecessary source","severity":"LOW","directive":"img-src","source":"https://www.google.com.bz","message":"This source is repeated or unnecessary","recommendation":"Consider moving the extra source","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Duplicate or unnecessary source","severity":"LOW","directive":"img-src","source":"https://www.google.com.co","message":"This source is repeated or unnecessary","recommendation":"Consider moving the extra source","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Duplicate or unnecessary source","severity":"LOW","directive":"img-src","source":"https://www.google.com.cu","message":"This source is repeated or unnecessary","recommendation":"Consider moving the extra source","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Duplicate or unnecessary source","severity":"LOW","directive":"img-src","source":"https://www.google.com.cy","message":"This source is repeated or unnecessary","recommendation":"Consider moving the extra source","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Duplicate or unnecessary source","severity":"LOW","directive":"img-src","source":"https://www.google.com.do","message":"This source is repeated or unnecessary","recommendation":"Consider moving the extra source","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Duplicate or unnecessary source","severity":"LOW","directive":"img-src","source":"https://www.google.com.ec","message":"This source is repeated or unnecessary","recommendation":"Consider moving the extra source","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Duplicate or unnecessary source","severity":"LOW","directive":"img-src","source":"https://www.google.com.eg","message":"This source is repeated or unnecessary","recommendation":"Consider moving the extra source","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Duplicate or unnecessary source","severity":"LOW","directive":"img-src","source":"https://www.google.com.et","message":"This source is repeated or unnecessary","recommendation":"Consider moving the extra source","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Duplicate or unnecessary source","severity":"LOW","directive":"img-src","source":"https://www.google.com.fj","message":"This source is repeated or unnecessary","recommendation":"Consider moving the extra source","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Duplicate or unnecessary source","severity":"LOW","directive":"img-src","source":"https://www.google.com.gh","message":"This source is repeated or unnecessary","recommendation":"Consider moving the extra source","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Duplicate or unnecessary source","severity":"LOW","directive":"img-src","source":"https://www.google.com.gi","message":"This source is repeated or unnecessary","recommendation":"Consider moving the extra source","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Duplicate or unnecessary source","severity":"LOW","directive":"img-src","source":"https://www.google.com.gt","message":"This source is repeated or unnecessary","recommendation":"Consider moving the extra source","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Duplicate or unnecessary source","severity":"LOW","directive":"img-src","source":"https://www.google.com.hk","message":"This source is repeated or unnecessary","recommendation":"Consider moving the extra source","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Duplicate or unnecessary source","severity":"LOW","directive":"img-src","source":"https://www.google.com.jm","message":"This source is repeated or unnecessary","recommendation":"Consider moving the extra source","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Duplicate or unnecessary source","severity":"LOW","directive":"img-src","source":"https://www.google.com.kh","message":"This source is repeated or unnecessary","recommendation":"Consider moving the extra source","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Duplicate or unnecessary source","severity":"LOW","directive":"img-src","source":"https://www.google.com.kw","message":"This source is repeated or unnecessary","recommendation":"Consider moving the extra source","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Duplicate or unnecessary source","severity":"LOW","directive":"img-src","source":"https://www.google.com.lb","message":"This source is repeated or unnecessary","recommendation":"Consider moving the extra source","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Duplicate or unnecessary source","severity":"LOW","directive":"img-src","source":"https://www.google.com.ly","message":"This source is repeated or unnecessary","recommendation":"Consider moving the extra source","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Duplicate or unnecessary source","severity":"LOW","directive":"img-src","source":"https://www.google.com.mm","message":"This source is repeated or unnecessary","recommendation":"Consider moving the extra source","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Duplicate or unnecessary source","severity":"LOW","directive":"img-src","source":"https://www.google.com.mt","message":"This source is repeated or unnecessary","recommendation":"Consider moving the extra source","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Duplicate or unnecessary source","severity":"LOW","directive":"img-src","source":"https://www.google.com.mx","message":"This source is repeated or unnecessary","recommendation":"Consider moving the extra source","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Duplicate or unnecessary source","severity":"LOW","directive":"img-src","source":"https://www.google.com.my","message":"This source is repeated or unnecessary","recommendation":"Consider moving the extra source","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Duplicate or unnecessary source","severity":"LOW","directive":"img-src","source":"https://www.google.com.na","message":"This source is repeated or unnecessary","recommendation":"Consider moving the extra source","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Duplicate or unnecessary source","severity":"LOW","directive":"img-src","source":"https://www.google.com.ng","message":"This source is repeated or unnecessary","recommendation":"Consider moving the extra source","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Duplicate or unnecessary source","severity":"LOW","directive":"img-src","source":"https://www.google.com.ni","message":"This source is repeated or unnecessary","recommendation":"Consider moving the extra source","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Duplicate or unnecessary source","severity":"LOW","directive":"img-src","source":"https://www.google.com.np","message":"This source is repeated or unnecessary","recommendation":"Consider moving the extra source","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Duplicate or unnecessary source","severity":"LOW","directive":"img-src","source":"https://www.google.com.om","message":"This source is repeated or unnecessary","recommendation":"Consider moving the extra source","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Duplicate or unnecessary source","severity":"LOW","directive":"img-src","source":"https://www.google.com.pa","message":"This source is repeated or unnecessary","recommendation":"Consider moving the extra source","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Duplicate or unnecessary source","severity":"LOW","directive":"img-src","source":"https://www.google.com.pe","message":"This source is repeated or unnecessary","recommendation":"Consider moving the extra source","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Duplicate or unnecessary source","severity":"LOW","directive":"img-src","source":"https://www.google.com.pg","message":"This source is repeated or unnecessary","recommendation":"Consider moving the extra source","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Duplicate or unnecessary source","severity":"LOW","directive":"img-src","source":"https://www.google.com.ph","message":"This source is repeated or unnecessary","recommendation":"Consider moving the extra source","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Duplicate or unnecessary source","severity":"LOW","directive":"img-src","source":"https://www.google.com.pk","message":"This source is repeated or unnecessary","recommendation":"Consider moving the extra source","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Duplicate or unnecessary source","severity":"LOW","directive":"img-src","source":"https://www.google.com.pr","message":"This source is repeated or unnecessary","recommendation":"Consider moving the extra source","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Duplicate or unnecessary source","severity":"LOW","directive":"img-src","source":"https://www.google.com.py","message":"This source is repeated or unnecessary","recommendation":"Consider moving the extra source","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Duplicate or unnecessary source","severity":"LOW","directive":"img-src","source":"https://www.google.com.qa","message":"This source is repeated or unnecessary","recommendation":"Consider moving the extra source","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Duplicate or unnecessary source","severity":"LOW","directive":"img-src","source":"https://www.google.com.sa","message":"This source is repeated or unnecessary","recommendation":"Consider moving the extra source","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Duplicate or unnecessary source","severity":"LOW","directive":"img-src","source":"https://www.google.com.sb","message":"This source is repeated or unnecessary","recommendation":"Consider moving the extra source","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Duplicate or unnecessary source","severity":"LOW","directive":"img-src","source":"https://www.google.com.sg","message":"This source is repeated or unnecessary","recommendation":"Consider moving the extra source","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Duplicate or unnecessary source","severity":"LOW","directive":"img-src","source":"https://www.google.com.sl","message":"This source is repeated or unnecessary","recommendation":"Consider moving the extra source","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Duplicate or unnecessary source","severity":"LOW","directive":"img-src","source":"https://www.google.com.sv","message":"This source is repeated or unnecessary","recommendation":"Consider moving the extra source","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Duplicate or unnecessary source","severity":"LOW","directive":"img-src","source":"https://www.google.com.tj","message":"This source is repeated or unnecessary","recommendation":"Consider moving the extra source","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Duplicate or unnecessary source","severity":"LOW","directive":"img-src","source":"https://www.google.com.tr","message":"This source is repeated or unnecessary","recommendation":"Consider moving the extra source","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Duplicate or unnecessary source","severity":"LOW","directive":"img-src","source":"https://www.google.com.tw","message":"This source is repeated or unnecessary","recommendation":"Consider moving the extra source","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Duplicate or unnecessary source","severity":"LOW","directive":"img-src","source":"https://www.google.com.ua","message":"This source is repeated or unnecessary","recommendation":"Consider moving the extra source","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Duplicate or unnecessary source","severity":"LOW","directive":"img-src","source":"https://www.google.com.uy","message":"This source is repeated or unnecessary","recommendation":"Consider moving the extra source","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Duplicate or unnecessary source","severity":"LOW","directive":"img-src","source":"https://www.google.com.vc","message":"This source is repeated or unnecessary","recommendation":"Consider moving the extra source","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Duplicate or unnecessary source","severity":"LOW","directive":"img-src","source":"https://www.google.com.vn","message":"This source is repeated or unnecessary","recommendation":"Consider moving the extra source","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Missing 'report-sample'","severity":"LOW","directive":"script-src","source":"report-sample","message":"'report-sample' is a keyword that instructs the browser to include the first 40 characters of the violating inline resource in the report-uri violation report. This can greatly help debug which resources are causing a violation.","recommendation":"Consider adding 'report-sample' to the directive group (script-src/style-src).","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Missing 'report-sample'","severity":"LOW","directive":"style-src","source":"report-sample","message":"'report-sample' is a keyword that instructs the browser to include the first 40 characters of the violating inline resource in the report-uri violation report. This can greatly help debug which resources are causing a violation.","recommendation":"Consider adding 'report-sample' to the directive group (script-src/style-src).","docs":"https://csper.io/docs/sources","docsTitle":"sources"}]},{"id":"69d8e640bb3094b4229b6389","ts":"2026-04-10T12:00:00.789Z","ProjectID":"000000000000000000000000","PolicyID":"000000000000000000000000","isURL":true,"URL":"https://tokenfactory.nebius.com/","isHidden":false,"parsedPolicy":{"policy":"default-src 'self';script-src 'nonce-eNmvss/LB5vJvj2pxGs+C3RI1CJEHWor2J+GwOkZUDw=' 'self' 'strict-dynamic' https://browser.sentry-cdn.com https://js.stripe.com/ https://www.googletagmanager.com/ https://*.googletagmanager.com https://www.google-analytics.com/ https://connect.facebook.net https://*.hotjar.com https://*.hotjar.io *.contentsquare.net app.contentsquare.com https://www.redditstatic.com https://snap.licdn.com/ https://static.ads-twitter.com https://*.hs-analytics.net https://*.hs-banner.com https://*.hs-scripts.com https://*.hsadspixel.net https://*.hsforms.com https://*.hsforms.net analytics.tiktok.com;img-src 'self' data: https://static.nebius.com https://static.testing.nebius.com https://*.nebius.cloud https://*.githubusercontent.com https://www.googleadservices.com https://*.googletagmanager.com https://*.googlesyndication.com https://www.google-analytics.com https://*.google-analytics.com https://*.analytics.google.com https://analytics.google.com https://*.g.doubleclick.net https://www.googletagmanager.com https://*.googleapis.com https://*.gstatic.com https://*.google.com https://*.googleusercontent.com https://www.google.com https://www.google.ad https://www.google.ae https://www.google.com.af https://www.google.com.ag https://www.google.al https://www.google.am https://www.google.co.ao https://www.google.com.ar https://www.google.as https://www.google.at https://www.google.com.au https://www.google.az https://www.google.ba https://www.google.com.bd https://www.google.be https://www.google.bf https://www.google.bg https://www.google.com.bh https://www.google.bi https://www.google.bj https://www.google.com.bn https://www.google.com.bo https://www.google.com.br https://www.google.bs https://www.google.bt https://www.google.co.bw https://www.google.by https://www.google.com.bz https://www.google.ca https://www.google.cd https://www.google.cf https://www.google.cg https://www.google.ch https://www.google.ci https://www.google.co.ck https://www.google.cl https://www.google.cm https://www.google.cn https://www.google.com.co https://www.google.co.cr https://www.google.com.cu https://www.google.cv https://www.google.com.cy https://www.google.cz https://www.google.de https://www.google.dj https://www.google.dk https://www.google.dm https://www.google.com.do https://www.google.dz https://www.google.com.ec https://www.google.ee https://www.google.com.eg https://www.google.es https://www.google.com.et https://www.google.fi https://www.google.com.fj https://www.google.fm https://www.google.fr https://www.google.ga https://www.google.ge https://www.google.gg https://www.google.com.gh https://www.google.com.gi https://www.google.gl https://www.google.gm https://www.google.gr https://www.google.com.gt https://www.google.gy https://www.google.com.hk https://www.google.hn https://www.google.hr https://www.google.ht https://www.google.hu https://www.google.co.id https://www.google.ie https://www.google.co.il https://www.google.im https://www.google.co.in https://www.google.iq https://www.google.is https://www.google.it https://www.google.je https://www.google.com.jm https://www.google.jo https://www.google.co.jp https://www.google.co.ke https://www.google.com.kh https://www.google.ki https://www.google.kg https://www.google.co.kr https://www.google.com.kw https://www.google.kz https://www.google.la https://www.google.com.lb https://www.google.li https://www.google.lk https://www.google.co.ls https://www.google.lt https://www.google.lu https://www.google.lv https://www.google.com.ly https://www.google.co.ma https://www.google.md https://www.google.me https://www.google.mg https://www.google.mk https://www.google.ml https://www.google.com.mm https://www.google.mn https://www.google.com.mt https://www.google.mu https://www.google.mv https://www.google.mw https://www.google.com.mx https://www.google.com.my https://www.google.co.mz https://www.google.com.na https://www.google.com.ng https://www.google.com.ni https://www.google.ne https://www.google.nl https://www.google.no https://www.google.com.np https://www.google.nr https://www.google.nu https://www.google.co.nz https://www.google.com.om https://www.google.com.pa https://www.google.com.pe https://www.google.com.pg https://www.google.com.ph https://www.google.com.pk https://www.google.pl https://www.google.pn https://www.google.com.pr https://www.google.ps https://www.google.pt https://www.google.com.py https://www.google.com.qa https://www.google.ro https://www.google.ru https://www.google.rw https://www.google.com.sa https://www.google.com.sb https://www.google.sc https://www.google.se https://www.google.com.sg https://www.google.sh https://www.google.si https://www.google.sk https://www.google.com.sl https://www.google.sn https://www.google.so https://www.google.sm https://www.google.sr https://www.google.st https://www.google.com.sv https://www.google.td https://www.google.tg https://www.google.co.th https://www.google.com.tj https://www.google.tl https://www.google.tm https://www.google.tn https://www.google.to https://www.google.com.tr https://www.google.tt https://www.google.com.tw https://www.google.co.tz https://www.google.com.ua https://www.google.co.ug https://www.google.co.uk https://www.google.com.uy https://www.google.co.uz https://www.google.com.vc https://www.google.co.ve https://www.google.co.vi https://www.google.com.vn https://www.google.vu https://www.google.ws https://www.google.rs https://www.google.co.za https://www.google.co.zm https://www.google.co.zw https://www.google.cat https://www.facebook.com https://connect.facebook.net https://*.hotjar.com *.contentsquare.net https://alb.reddit.com https://bat.bing.net https://bat.bing.com https://px.ads.linkedin.com https://px4.ads.linkedin.com https://t.co https://analytics.twitter.com https://*.hubspot.com https://*.hsforms.net https://*.hsforms.com analytics.tiktok.com https://local.tokenfactory.nebius.com:4443;connect-src 'self' data: https://*.tokenfactory.nebius.com https://*.nebiuscloud.net https://*.nebius.cloud https://*.sentry.io https://google.com https://*.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://*.googlesyndication.com https://*.google-analytics.com https://region1.analytics.google.com https://*.analytics.google.com https://analytics.google.com https://www.google.com https://*.g.doubleclick.net https://maps.googleapis.com https://www.google.com https://www.google.ad https://www.google.ae https://www.google.com.af https://www.google.com.ag https://www.google.al https://www.google.am https://www.google.co.ao https://www.google.com.ar https://www.google.as https://www.google.at https://www.google.com.au https://www.google.az https://www.google.ba https://www.google.com.bd https://www.google.be https://www.google.bf https://www.google.bg https://www.google.com.bh https://www.google.bi https://www.google.bj https://www.google.com.bn https://www.google.com.bo https://www.google.com.br https://www.google.bs https://www.google.bt https://www.google.co.bw https://www.google.by https://www.google.com.bz https://www.google.ca https://www.google.cd https://www.google.cf https://www.google.cg https://www.google.ch https://www.google.ci https://www.google.co.ck https://www.google.cl https://www.google.cm https://www.google.cn https://www.google.com.co https://www.google.co.cr https://www.google.com.cu https://www.google.cv https://www.google.com.cy https://www.google.cz https://www.google.de https://www.google.dj https://www.google.dk https://www.google.dm https://www.google.com.do https://www.google.dz https://www.google.com.ec https://www.google.ee https://www.google.com.eg https://www.google.es https://www.google.com.et https://www.google.fi https://www.google.com.fj https://www.google.fm https://www.google.fr https://www.google.ga https://www.google.ge https://www.google.gg https://www.google.com.gh https://www.google.com.gi https://www.google.gl https://www.google.gm https://www.google.gr https://www.google.com.gt https://www.google.gy https://www.google.com.hk https://www.google.hn https://www.google.hr https://www.google.ht https://www.google.hu https://www.google.co.id https://www.google.ie https://www.google.co.il https://www.google.im https://www.google.co.in https://www.google.iq https://www.google.is https://www.google.it https://www.google.je https://www.google.com.jm https://www.google.jo https://www.google.co.jp https://www.google.co.ke https://www.google.com.kh https://www.google.ki https://www.google.kg https://www.google.co.kr https://www.google.com.kw https://www.google.kz https://www.google.la https://www.google.com.lb https://www.google.li https://www.google.lk https://www.google.co.ls https://www.google.lt https://www.google.lu https://www.google.lv https://www.google.com.ly https://www.google.co.ma https://www.google.md https://www.google.me https://www.google.mg https://www.google.mk https://www.google.ml https://www.google.com.mm https://www.google.mn https://www.google.com.mt https://www.google.mu https://www.google.mv https://www.google.mw https://www.google.com.mx https://www.google.com.my https://www.google.co.mz https://www.google.com.na https://www.google.com.ng https://www.google.com.ni https://www.google.ne https://www.google.nl https://www.google.no https://www.google.com.np https://www.google.nr https://www.google.nu https://www.google.co.nz https://www.google.com.om https://www.google.com.pa https://www.google.com.pe https://www.google.com.pg https://www.google.com.ph https://www.google.com.pk https://www.google.pl https://www.google.pn https://www.google.com.pr https://www.google.ps https://www.google.pt https://www.google.com.py https://www.google.com.qa https://www.google.ro https://www.google.ru https://www.google.rw https://www.google.com.sa https://www.google.com.sb https://www.google.sc https://www.google.se https://www.google.com.sg https://www.google.sh https://www.google.si https://www.google.sk https://www.google.com.sl https://www.google.sn https://www.google.so https://www.google.sm https://www.google.sr https://www.google.st https://www.google.com.sv https://www.google.td https://www.google.tg https://www.google.co.th https://www.google.com.tj https://www.google.tl https://www.google.tm https://www.google.tn https://www.google.to https://www.google.com.tr https://www.google.tt https://www.google.com.tw https://www.google.co.tz https://www.google.com.ua https://www.google.co.ug https://www.google.co.uk https://www.google.com.uy https://www.google.co.uz https://www.google.com.vc https://www.google.co.ve https://www.google.co.vi https://www.google.com.vn https://www.google.vu https://www.google.ws https://www.google.rs https://www.google.co.za https://www.google.co.zm https://www.google.co.zw https://www.google.cat https://www.facebook.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com *.contentsquare.net *.contentsquare.com https://pixel-config.reddit.com https://www.redditstatic.com https://bat.bing.net https://bat.bing.com https://px.ads.linkedin.com https://*.hubapi.com https://*.hsforms.com https://static.hsappstatic.net analytics.tiktok.com *.tiktokw.us https://capig.stape.host https://capig.stape.pro https://gw.stape.run https://local.tokenfactory.nebius.com:4443 wss://local.tokenfactory.nebius.com:4443;style-src 'self' https: 'unsafe-inline' https://fonts.googleapis.com https://www.googletagmanager.com https://*.hotjar.com;font-src 'self' https: data: https://fonts.gstatic.com https://*.hotjar.com;object-src 'none';base-uri 'self';frame-src 'self' https://*.js.stripe.com https://js.stripe.com/ https://hooks.stripe.com https://www.googletagmanager.com https://www.google.com https://td.doubleclick.net https://*.g.doubleclick.net https://www.facebook.com;manifest-src 'self';media-src 'self' https://static.nebius.com https://static.testing.nebius.com https://local.tokenfactory.nebius.com:4443;worker-src 'none';form-action 'self' https://www.facebook.com;child-src https://*.hsforms.com;frame-ancestors 'self';script-src-attr 'none';upgrade-insecure-requests","directives":{"base-uri":["'self'"],"child-src":["https://*.hsforms.com"],"connect-src":["'self'","*.contentsquare.com","*.contentsquare.net","*.tiktokw.us","analytics.tiktok.com","data:","https://*.analytics.google.com","https://*.g.doubleclick.net","https://*.google-analytics.com","https://*.googlesyndication.com","https://*.googletagmanager.com","https://*.hotjar.com","https://*.hotjar.io","https://*.hsforms.com","https://*.hubapi.com","https://*.nebius.cloud","https://*.nebiuscloud.net","https://*.sentry.io","https://*.tokenfactory.nebius.com","https://analytics.google.com","https://bat.bing.com","https://bat.bing.net","https://capig.stape.host","https://capig.stape.pro","https://google.com","https://gw.stape.run","https://local.tokenfactory.nebius.com:4443","https://maps.googleapis.com","https://pixel-config.reddit.com","https://px.ads.linkedin.com","https://region1.analytics.google.com","https://static.hsappstatic.net","https://www.facebook.com","https://www.google-analytics.com","https://www.google.ad","https://www.google.ae","https://www.google.al","https://www.google.am","https://www.google.as","https://www.google.at","https://www.google.az","https://www.google.ba","https://www.google.be","https://www.google.bf","https://www.google.bg","https://www.google.bi","https://www.google.bj","https://www.google.bs","https://www.google.bt","https://www.google.by","https://www.google.ca","https://www.google.cat","https://www.google.cd","https://www.google.cf","https://www.google.cg","https://www.google.ch","https://www.google.ci","https://www.google.cl","https://www.google.cm","https://www.google.cn","https://www.google.co.ao","https://www.google.co.bw","https://www.google.co.ck","https://www.google.co.cr","https://www.google.co.id","https://www.google.co.il","https://www.google.co.in","https://www.google.co.jp","https://www.google.co.ke","https://www.google.co.kr","https://www.google.co.ls","https://www.google.co.ma","https://www.google.co.mz","https://www.google.co.nz","https://www.google.co.th","https://www.google.co.tz","https://www.google.co.ug","https://www.google.co.uk","https://www.google.co.uz","https://www.google.co.ve","https://www.google.co.vi","https://www.google.co.za","https://www.google.co.zm","https://www.google.co.zw","https://www.google.com","https://www.google.com","https://www.google.com.af","https://www.google.com.ag","https://www.google.com.ar","https://www.google.com.au","https://www.google.com.bd","https://www.google.com.bh","https://www.google.com.bn","https://www.google.com.bo","https://www.google.com.br","https://www.google.com.bz","https://www.google.com.co","https://www.google.com.cu","https://www.google.com.cy","https://www.google.com.do","https://www.google.com.ec","https://www.google.com.eg","https://www.google.com.et","https://www.google.com.fj","https://www.google.com.gh","https://www.google.com.gi","https://www.google.com.gt","https://www.google.com.hk","https://www.google.com.jm","https://www.google.com.kh","https://www.google.com.kw","https://www.google.com.lb","https://www.google.com.ly","https://www.google.com.mm","https://www.google.com.mt","https://www.google.com.mx","https://www.google.com.my","https://www.google.com.na","https://www.google.com.ng","https://www.google.com.ni","https://www.google.com.np","https://www.google.com.om","https://www.google.com.pa","https://www.google.com.pe","https://www.google.com.pg","https://www.google.com.ph","https://www.google.com.pk","https://www.google.com.pr","https://www.google.com.py","https://www.google.com.qa","https://www.google.com.sa","https://www.google.com.sb","https://www.google.com.sg","https://www.google.com.sl","https://www.google.com.sv","https://www.google.com.tj","https://www.google.com.tr","https://www.google.com.tw","https://www.google.com.ua","https://www.google.com.uy","https://www.google.com.vc","https://www.google.com.vn","https://www.google.cv","https://www.google.cz","https://www.google.de","https://www.google.dj","https://www.google.dk","https://www.google.dm","https://www.google.dz","https://www.google.ee","https://www.google.es","https://www.google.fi","https://www.google.fm","https://www.google.fr","https://www.google.ga","https://www.google.ge","https://www.google.gg","https://www.google.gl","https://www.google.gm","https://www.google.gr","https://www.google.gy","https://www.google.hn","https://www.google.hr","https://www.google.ht","https://www.google.hu","https://www.google.ie","https://www.google.im","https://www.google.iq","https://www.google.is","https://www.google.it","https://www.google.je","https://www.google.jo","https://www.google.kg","https://www.google.ki","https://www.google.kz","https://www.google.la","https://www.google.li","https://www.google.lk","https://www.google.lt","https://www.google.lu","https://www.google.lv","https://www.google.md","https://www.google.me","https://www.google.mg","https://www.google.mk","https://www.google.ml","https://www.google.mn","https://www.google.mu","https://www.google.mv","https://www.google.mw","https://www.google.ne","https://www.google.nl","https://www.google.no","https://www.google.nr","https://www.google.nu","https://www.google.pl","https://www.google.pn","https://www.google.ps","https://www.google.pt","https://www.google.ro","https://www.google.rs","https://www.google.ru","https://www.google.rw","https://www.google.sc","https://www.google.se","https://www.google.sh","https://www.google.si","https://www.google.sk","https://www.google.sm","https://www.google.sn","https://www.google.so","https://www.google.sr","https://www.google.st","https://www.google.td","https://www.google.tg","https://www.google.tl","https://www.google.tm","https://www.google.tn","https://www.google.to","https://www.google.tt","https://www.google.vu","https://www.google.ws","https://www.googleadservices.com","https://www.redditstatic.com","wss://*.hotjar.com","wss://local.tokenfactory.nebius.com:4443"],"default-src":["'self'"],"font-src":["'self'","data:","https:","https://*.hotjar.com","https://fonts.gstatic.com"],"form-action":["'self'","https://www.facebook.com"],"frame-ancestors":["'self'"],"frame-src":["'self'","https://*.g.doubleclick.net","https://*.js.stripe.com","https://hooks.stripe.com","https://js.stripe.com/","https://td.doubleclick.net","https://www.facebook.com","https://www.google.com","https://www.googletagmanager.com"],"img-src":["'self'","*.contentsquare.net","analytics.tiktok.com","data:","https://*.analytics.google.com","https://*.g.doubleclick.net","https://*.githubusercontent.com","https://*.google-analytics.com","https://*.google.com","https://*.googleapis.com","https://*.googlesyndication.com","https://*.googletagmanager.com","https://*.googleusercontent.com","https://*.gstatic.com","https://*.hotjar.com","https://*.hsforms.com","https://*.hsforms.net","https://*.hubspot.com","https://*.nebius.cloud","https://alb.reddit.com","https://analytics.google.com","https://analytics.twitter.com","https://bat.bing.com","https://bat.bing.net","https://connect.facebook.net","https://local.tokenfactory.nebius.com:4443","https://px.ads.linkedin.com","https://px4.ads.linkedin.com","https://static.nebius.com","https://static.testing.nebius.com","https://t.co","https://www.facebook.com","https://www.google-analytics.com","https://www.google.ad","https://www.google.ae","https://www.google.al","https://www.google.am","https://www.google.as","https://www.google.at","https://www.google.az","https://www.google.ba","https://www.google.be","https://www.google.bf","https://www.google.bg","https://www.google.bi","https://www.google.bj","https://www.google.bs","https://www.google.bt","https://www.google.by","https://www.google.ca","https://www.google.cat","https://www.google.cd","https://www.google.cf","https://www.google.cg","https://www.google.ch","https://www.google.ci","https://www.google.cl","https://www.google.cm","https://www.google.cn","https://www.google.co.ao","https://www.google.co.bw","https://www.google.co.ck","https://www.google.co.cr","https://www.google.co.id","https://www.google.co.il","https://www.google.co.in","https://www.google.co.jp","https://www.google.co.ke","https://www.google.co.kr","https://www.google.co.ls","https://www.google.co.ma","https://www.google.co.mz","https://www.google.co.nz","https://www.google.co.th","https://www.google.co.tz","https://www.google.co.ug","https://www.google.co.uk","https://www.google.co.uz","https://www.google.co.ve","https://www.google.co.vi","https://www.google.co.za","https://www.google.co.zm","https://www.google.co.zw","https://www.google.com","https://www.google.com.af","https://www.google.com.ag","https://www.google.com.ar","https://www.google.com.au","https://www.google.com.bd","https://www.google.com.bh","https://www.google.com.bn","https://www.google.com.bo","https://www.google.com.br","https://www.google.com.bz","https://www.google.com.co","https://www.google.com.cu","https://www.google.com.cy","https://www.google.com.do","https://www.google.com.ec","https://www.google.com.eg","https://www.google.com.et","https://www.google.com.fj","https://www.google.com.gh","https://www.google.com.gi","https://www.google.com.gt","https://www.google.com.hk","https://www.google.com.jm","https://www.google.com.kh","https://www.google.com.kw","https://www.google.com.lb","https://www.google.com.ly","https://www.google.com.mm","https://www.google.com.mt","https://www.google.com.mx","https://www.google.com.my","https://www.google.com.na","https://www.google.com.ng","https://www.google.com.ni","https://www.google.com.np","https://www.google.com.om","https://www.google.com.pa","https://www.google.com.pe","https://www.google.com.pg","https://www.google.com.ph","https://www.google.com.pk","https://www.google.com.pr","https://www.google.com.py","https://www.google.com.qa","https://www.google.com.sa","https://www.google.com.sb","https://www.google.com.sg","https://www.google.com.sl","https://www.google.com.sv","https://www.google.com.tj","https://www.google.com.tr","https://www.google.com.tw","https://www.google.com.ua","https://www.google.com.uy","https://www.google.com.vc","https://www.google.com.vn","https://www.google.cv","https://www.google.cz","https://www.google.de","https://www.google.dj","https://www.google.dk","https://www.google.dm","https://www.google.dz","https://www.google.ee","https://www.google.es","https://www.google.fi","https://www.google.fm","https://www.google.fr","https://www.google.ga","https://www.google.ge","https://www.google.gg","https://www.google.gl","https://www.google.gm","https://www.google.gr","https://www.google.gy","https://www.google.hn","https://www.google.hr","https://www.google.ht","https://www.google.hu","https://www.google.ie","https://www.google.im","https://www.google.iq","https://www.google.is","https://www.google.it","https://www.google.je","https://www.google.jo","https://www.google.kg","https://www.google.ki","https://www.google.kz","https://www.google.la","https://www.google.li","https://www.google.lk","https://www.google.lt","https://www.google.lu","https://www.google.lv","https://www.google.md","https://www.google.me","https://www.google.mg","https://www.google.mk","https://www.google.ml","https://www.google.mn","https://www.google.mu","https://www.google.mv","https://www.google.mw","https://www.google.ne","https://www.google.nl","https://www.google.no","https://www.google.nr","https://www.google.nu","https://www.google.pl","https://www.google.pn","https://www.google.ps","https://www.google.pt","https://www.google.ro","https://www.google.rs","https://www.google.ru","https://www.google.rw","https://www.google.sc","https://www.google.se","https://www.google.sh","https://www.google.si","https://www.google.sk","https://www.google.sm","https://www.google.sn","https://www.google.so","https://www.google.sr","https://www.google.st","https://www.google.td","https://www.google.tg","https://www.google.tl","https://www.google.tm","https://www.google.tn","https://www.google.to","https://www.google.tt","https://www.google.vu","https://www.google.ws","https://www.googleadservices.com","https://www.googletagmanager.com"],"manifest-src":["'self'"],"media-src":["'self'","https://local.tokenfactory.nebius.com:4443","https://static.nebius.com","https://static.testing.nebius.com"],"object-src":["'none'"],"script-src":["'nonce-eNmvss/LB5vJvj2pxGs+C3RI1CJEHWor2J+GwOkZUDw='","'self'","'strict-dynamic'","*.contentsquare.net","analytics.tiktok.com","app.contentsquare.com","https://*.googletagmanager.com","https://*.hotjar.com","https://*.hotjar.io","https://*.hs-analytics.net","https://*.hs-banner.com","https://*.hs-scripts.com","https://*.hsadspixel.net","https://*.hsforms.com","https://*.hsforms.net","https://browser.sentry-cdn.com","https://connect.facebook.net","https://js.stripe.com/","https://snap.licdn.com/","https://static.ads-twitter.com","https://www.google-analytics.com/","https://www.googletagmanager.com/","https://www.redditstatic.com"],"script-src-attr":["'none'"],"style-src":["'self'","'unsafe-inline'","https:","https://*.hotjar.com","https://fonts.googleapis.com","https://www.googletagmanager.com"],"upgrade-insecure-requests":[],"worker-src":["'none'"]},"directiveOrder":["default-src","script-src","img-src","connect-src","style-src","font-src","object-src","base-uri","frame-src","manifest-src","media-src","worker-src","form-action","child-src","frame-ancestors","script-src-attr","upgrade-insecure-requests"],"disposition":"enforce","delivery":"header","sourceMapping":{"'nonce-eNmvss/LB5vJvj2pxGs+C3RI1CJEHWor2J+GwOkZUDw='":"nonce-source","'none'":"keyword-source","'self'":"keyword-source","'strict-dynamic'":"keyword-source","'unsafe-inline'":"keyword-source","*.contentsquare.com":"host-source","*.contentsquare.net":"host-source","*.tiktokw.us":"host-source","analytics.tiktok.com":"host-source","app.contentsquare.com":"host-source","data:":"scheme-source","https:":"scheme-source","https://*.analytics.google.com":"host-source","https://*.g.doubleclick.net":"host-source","https://*.githubusercontent.com":"host-source","https://*.google-analytics.com":"host-source","https://*.google.com":"host-source","https://*.googleapis.com":"host-source","https://*.googlesyndication.com":"host-source","https://*.googletagmanager.com":"host-source","https://*.googleusercontent.com":"host-source","https://*.gstatic.com":"host-source","https://*.hotjar.com":"host-source","https://*.hotjar.io":"host-source","https://*.hs-analytics.net":"host-source","https://*.hs-banner.com":"host-source","https://*.hs-scripts.com":"host-source","https://*.hsadspixel.net":"host-source","https://*.hsforms.com":"host-source","https://*.hsforms.net":"host-source","https://*.hubapi.com":"host-source","https://*.hubspot.com":"host-source","https://*.js.stripe.com":"host-source","https://*.nebius.cloud":"host-source","https://*.nebiuscloud.net":"host-source","https://*.sentry.io":"host-source","https://*.tokenfactory.nebius.com":"host-source","https://alb.reddit.com":"host-source","https://analytics.google.com":"host-source","https://analytics.twitter.com":"host-source","https://bat.bing.com":"host-source","https://bat.bing.net":"host-source","https://browser.sentry-cdn.com":"host-source","https://capig.stape.host":"host-source","https://capig.stape.pro":"host-source","https://connect.facebook.net":"host-source","https://fonts.googleapis.com":"host-source","https://fonts.gstatic.com":"host-source","https://google.com":"host-source","https://gw.stape.run":"host-source","https://hooks.stripe.com":"host-source","https://js.stripe.com/":"host-source","https://local.tokenfactory.nebius.com:4443":"host-source","https://maps.googleapis.com":"host-source","https://pixel-config.reddit.com":"host-source","https://px.ads.linkedin.com":"host-source","https://px4.ads.linkedin.com":"host-source","https://region1.analytics.google.com":"host-source","https://snap.licdn.com/":"host-source","https://static.ads-twitter.com":"host-source","https://static.hsappstatic.net":"host-source","https://static.nebius.com":"host-source","https://static.testing.nebius.com":"host-source","https://t.co":"host-source","https://td.doubleclick.net":"host-source","https://www.facebook.com":"host-source","https://www.google-analytics.com":"host-source","https://www.google-analytics.com/":"host-source","https://www.google.ad":"host-source","https://www.google.ae":"host-source","https://www.google.al":"host-source","https://www.google.am":"host-source","https://www.google.as":"host-source","https://www.google.at":"host-source","https://www.google.az":"host-source","https://www.google.ba":"host-source","https://www.google.be":"host-source","https://www.google.bf":"host-source","https://www.google.bg":"host-source","https://www.google.bi":"host-source","https://www.google.bj":"host-source","https://www.google.bs":"host-source","https://www.google.bt":"host-source","https://www.google.by":"host-source","https://www.google.ca":"host-source","https://www.google.cat":"host-source","https://www.google.cd":"host-source","https://www.google.cf":"host-source","https://www.google.cg":"host-source","https://www.google.ch":"host-source","https://www.google.ci":"host-source","https://www.google.cl":"host-source","https://www.google.cm":"host-source","https://www.google.cn":"host-source","https://www.google.co.ao":"host-source","https://www.google.co.bw":"host-source","https://www.google.co.ck":"host-source","https://www.google.co.cr":"host-source","https://www.google.co.id":"host-source","https://www.google.co.il":"host-source","https://www.google.co.in":"host-source","https://www.google.co.jp":"host-source","https://www.google.co.ke":"host-source","https://www.google.co.kr":"host-source","https://www.google.co.ls":"host-source","https://www.google.co.ma":"host-source","https://www.google.co.mz":"host-source","https://www.google.co.nz":"host-source","https://www.google.co.th":"host-source","https://www.google.co.tz":"host-source","https://www.google.co.ug":"host-source","https://www.google.co.uk":"host-source","https://www.google.co.uz":"host-source","https://www.google.co.ve":"host-source","https://www.google.co.vi":"host-source","https://www.google.co.za":"host-source","https://www.google.co.zm":"host-source","https://www.google.co.zw":"host-source","https://www.google.com":"host-source","https://www.google.com.af":"host-source","https://www.google.com.ag":"host-source","https://www.google.com.ar":"host-source","https://www.google.com.au":"host-source","https://www.google.com.bd":"host-source","https://www.google.com.bh":"host-source","https://www.google.com.bn":"host-source","https://www.google.com.bo":"host-source","https://www.google.com.br":"host-source","https://www.google.com.bz":"host-source","https://www.google.com.co":"host-source","https://www.google.com.cu":"host-source","https://www.google.com.cy":"host-source","https://www.google.com.do":"host-source","https://www.google.com.ec":"host-source","https://www.google.com.eg":"host-source","https://www.google.com.et":"host-source","https://www.google.com.fj":"host-source","https://www.google.com.gh":"host-source","https://www.google.com.gi":"host-source","https://www.google.com.gt":"host-source","https://www.google.com.hk":"host-source","https://www.google.com.jm":"host-source","https://www.google.com.kh":"host-source","https://www.google.com.kw":"host-source","https://www.google.com.lb":"host-source","https://www.google.com.ly":"host-source","https://www.google.com.mm":"host-source","https://www.google.com.mt":"host-source","https://www.google.com.mx":"host-source","https://www.google.com.my":"host-source","https://www.google.com.na":"host-source","https://www.google.com.ng":"host-source","https://www.google.com.ni":"host-source","https://www.google.com.np":"host-source","https://www.google.com.om":"host-source","https://www.google.com.pa":"host-source","https://www.google.com.pe":"host-source","https://www.google.com.pg":"host-source","https://www.google.com.ph":"host-source","https://www.google.com.pk":"host-source","https://www.google.com.pr":"host-source","https://www.google.com.py":"host-source","https://www.google.com.qa":"host-source","https://www.google.com.sa":"host-source","https://www.google.com.sb":"host-source","https://www.google.com.sg":"host-source","https://www.google.com.sl":"host-source","https://www.google.com.sv":"host-source","https://www.google.com.tj":"host-source","https://www.google.com.tr":"host-source","https://www.google.com.tw":"host-source","https://www.google.com.ua":"host-source","https://www.google.com.uy":"host-source","https://www.google.com.vc":"host-source","https://www.google.com.vn":"host-source","https://www.google.cv":"host-source","https://www.google.cz":"host-source","https://www.google.de":"host-source","https://www.google.dj":"host-source","https://www.google.dk":"host-source","https://www.google.dm":"host-source","https://www.google.dz":"host-source","https://www.google.ee":"host-source","https://www.google.es":"host-source","https://www.google.fi":"host-source","https://www.google.fm":"host-source","https://www.google.fr":"host-source","https://www.google.ga":"host-source","https://www.google.ge":"host-source","https://www.google.gg":"host-source","https://www.google.gl":"host-source","https://www.google.gm":"host-source","https://www.google.gr":"host-source","https://www.google.gy":"host-source","https://www.google.hn":"host-source","https://www.google.hr":"host-source","https://www.google.ht":"host-source","https://www.google.hu":"host-source","https://www.google.ie":"host-source","https://www.google.im":"host-source","https://www.google.iq":"host-source","https://www.google.is":"host-source","https://www.google.it":"host-source","https://www.google.je":"host-source","https://www.google.jo":"host-source","https://www.google.kg":"host-source","https://www.google.ki":"host-source","https://www.google.kz":"host-source","https://www.google.la":"host-source","https://www.google.li":"host-source","https://www.google.lk":"host-source","https://www.google.lt":"host-source","https://www.google.lu":"host-source","https://www.google.lv":"host-source","https://www.google.md":"host-source","https://www.google.me":"host-source","https://www.google.mg":"host-source","https://www.google.mk":"host-source","https://www.google.ml":"host-source","https://www.google.mn":"host-source","https://www.google.mu":"host-source","https://www.google.mv":"host-source","https://www.google.mw":"host-source","https://www.google.ne":"host-source","https://www.google.nl":"host-source","https://www.google.no":"host-source","https://www.google.nr":"host-source","https://www.google.nu":"host-source","https://www.google.pl":"host-source","https://www.google.pn":"host-source","https://www.google.ps":"host-source","https://www.google.pt":"host-source","https://www.google.ro":"host-source","https://www.google.rs":"host-source","https://www.google.ru":"host-source","https://www.google.rw":"host-source","https://www.google.sc":"host-source","https://www.google.se":"host-source","https://www.google.sh":"host-source","https://www.google.si":"host-source","https://www.google.sk":"host-source","https://www.google.sm":"host-source","https://www.google.sn":"host-source","https://www.google.so":"host-source","https://www.google.sr":"host-source","https://www.google.st":"host-source","https://www.google.td":"host-source","https://www.google.tg":"host-source","https://www.google.tl":"host-source","https://www.google.tm":"host-source","https://www.google.tn":"host-source","https://www.google.to":"host-source","https://www.google.tt":"host-source","https://www.google.vu":"host-source","https://www.google.ws":"host-source","https://www.googleadservices.com":"host-source","https://www.googletagmanager.com":"host-source","https://www.googletagmanager.com/":"host-source","https://www.redditstatic.com":"host-source","wss://*.hotjar.com":"host-source","wss://local.tokenfactory.nebius.com:4443":"host-source"}},"disposition":"enforce","source":"header","policies":["default-src 'self'; script-src 'nonce-eNmvss/LB5vJvj2pxGs+C3RI1CJEHWor2J+GwOkZUDw=' 'self' 'strict-dynamic' *.contentsquare.net analytics.tiktok.com app.contentsquare.com https://*.googletagmanager.com https://*.hotjar.com https://*.hotjar.io https://*.hs-analytics.net https://*.hs-banner.com https://*.hs-scripts.com https://*.hsadspixel.net https://*.hsforms.com https://*.hsforms.net https://browser.sentry-cdn.com https://connect.facebook.net https://js.stripe.com/ https://snap.licdn.com/ https://static.ads-twitter.com https://www.google-analytics.com/ https://www.googletagmanager.com/ https://www.redditstatic.com; script-src-attr 'none'; style-src 'self' 'unsafe-inline' https: https://*.hotjar.com https://fonts.googleapis.com https://www.googletagmanager.com; object-src 'none'; base-uri 'self'; child-src https://*.hsforms.com; connect-src 'self' *.contentsquare.com *.contentsquare.net *.tiktokw.us analytics.tiktok.com data: https://*.analytics.google.com https://*.g.doubleclick.net https://*.google-analytics.com https://*.googlesyndication.com https://*.googletagmanager.com https://*.hotjar.com https://*.hotjar.io https://*.hsforms.com https://*.hubapi.com https://*.nebius.cloud https://*.nebiuscloud.net https://*.sentry.io https://*.tokenfactory.nebius.com https://analytics.google.com https://bat.bing.com https://bat.bing.net https://capig.stape.host https://capig.stape.pro https://google.com https://gw.stape.run https://local.tokenfactory.nebius.com:4443 https://maps.googleapis.com https://pixel-config.reddit.com https://px.ads.linkedin.com https://region1.analytics.google.com https://static.hsappstatic.net https://www.facebook.com https://www.google-analytics.com https://www.google.ad https://www.google.ae https://www.google.al https://www.google.am https://www.google.as https://www.google.at https://www.google.az https://www.google.ba https://www.google.be https://www.google.bf https://www.google.bg https://www.google.bi https://www.google.bj https://www.google.bs https://www.google.bt https://www.google.by https://www.google.ca https://www.google.cat https://www.google.cd https://www.google.cf https://www.google.cg https://www.google.ch https://www.google.ci https://www.google.cl https://www.google.cm https://www.google.cn https://www.google.co.ao https://www.google.co.bw https://www.google.co.ck https://www.google.co.cr https://www.google.co.id https://www.google.co.il https://www.google.co.in https://www.google.co.jp https://www.google.co.ke https://www.google.co.kr https://www.google.co.ls https://www.google.co.ma https://www.google.co.mz https://www.google.co.nz https://www.google.co.th https://www.google.co.tz https://www.google.co.ug https://www.google.co.uk https://www.google.co.uz https://www.google.co.ve https://www.google.co.vi https://www.google.co.za https://www.google.co.zm https://www.google.co.zw https://www.google.com https://www.google.com.af https://www.google.com.ag https://www.google.com.ar https://www.google.com.au https://www.google.com.bd https://www.google.com.bh https://www.google.com.bn https://www.google.com.bo https://www.google.com.br https://www.google.com.bz https://www.google.com.co https://www.google.com.cu https://www.google.com.cy https://www.google.com.do https://www.google.com.ec https://www.google.com.eg https://www.google.com.et https://www.google.com.fj https://www.google.com.gh https://www.google.com.gi https://www.google.com.gt https://www.google.com.hk https://www.google.com.jm https://www.google.com.kh https://www.google.com.kw https://www.google.com.lb https://www.google.com.ly https://www.google.com.mm https://www.google.com.mt https://www.google.com.mx https://www.google.com.my https://www.google.com.na https://www.google.com.ng https://www.google.com.ni https://www.google.com.np https://www.google.com.om https://www.google.com.pa https://www.google.com.pe https://www.google.com.pg https://www.google.com.ph https://www.google.com.pk https://www.google.com.pr https://www.google.com.py https://www.google.com.qa https://www.google.com.sa https://www.google.com.sb https://www.google.com.sg https://www.google.com.sl https://www.google.com.sv https://www.google.com.tj https://www.google.com.tr https://www.google.com.tw https://www.google.com.ua https://www.google.com.uy https://www.google.com.vc https://www.google.com.vn https://www.google.cv https://www.google.cz https://www.google.de https://www.google.dj https://www.google.dk https://www.google.dm https://www.google.dz https://www.google.ee https://www.google.es https://www.google.fi https://www.google.fm https://www.google.fr https://www.google.ga https://www.google.ge https://www.google.gg https://www.google.gl https://www.google.gm https://www.google.gr https://www.google.gy https://www.google.hn https://www.google.hr https://www.google.ht https://www.google.hu https://www.google.ie https://www.google.im https://www.google.iq https://www.google.is https://www.google.it https://www.google.je https://www.google.jo https://www.google.kg https://www.google.ki https://www.google.kz https://www.google.la https://www.google.li https://www.google.lk https://www.google.lt https://www.google.lu https://www.google.lv https://www.google.md https://www.google.me https://www.google.mg https://www.google.mk https://www.google.ml https://www.google.mn https://www.google.mu https://www.google.mv https://www.google.mw https://www.google.ne https://www.google.nl https://www.google.no https://www.google.nr https://www.google.nu https://www.google.pl https://www.google.pn https://www.google.ps https://www.google.pt https://www.google.ro https://www.google.rs https://www.google.ru https://www.google.rw https://www.google.sc https://www.google.se https://www.google.sh https://www.google.si https://www.google.sk https://www.google.sm https://www.google.sn https://www.google.so https://www.google.sr https://www.google.st https://www.google.td https://www.google.tg https://www.google.tl https://www.google.tm https://www.google.tn https://www.google.to https://www.google.tt https://www.google.vu https://www.google.ws https://www.googleadservices.com https://www.redditstatic.com wss://*.hotjar.com wss://local.tokenfactory.nebius.com:4443; font-src 'self' data: https: https://*.hotjar.com https://fonts.gstatic.com; form-action 'self' https://www.facebook.com; frame-ancestors 'self'; frame-src 'self' https://*.g.doubleclick.net https://*.js.stripe.com https://hooks.stripe.com https://js.stripe.com/ https://td.doubleclick.net https://www.facebook.com https://www.google.com https://www.googletagmanager.com; img-src 'self' *.contentsquare.net analytics.tiktok.com data: https://*.analytics.google.com https://*.g.doubleclick.net https://*.githubusercontent.com https://*.google-analytics.com https://*.google.com https://*.googleapis.com https://*.googlesyndication.com https://*.googletagmanager.com https://*.googleusercontent.com https://*.gstatic.com https://*.hotjar.com https://*.hsforms.com https://*.hsforms.net https://*.hubspot.com https://*.nebius.cloud https://alb.reddit.com https://analytics.google.com https://analytics.twitter.com https://bat.bing.com https://bat.bing.net https://connect.facebook.net https://local.tokenfactory.nebius.com:4443 https://px.ads.linkedin.com https://px4.ads.linkedin.com https://static.nebius.com https://static.testing.nebius.com https://t.co https://www.facebook.com https://www.google-analytics.com https://www.google.ad https://www.google.ae https://www.google.al https://www.google.am https://www.google.as https://www.google.at https://www.google.az https://www.google.ba https://www.google.be https://www.google.bf https://www.google.bg https://www.google.bi https://www.google.bj https://www.google.bs https://www.google.bt https://www.google.by https://www.google.ca https://www.google.cat https://www.google.cd https://www.google.cf https://www.google.cg https://www.google.ch https://www.google.ci https://www.google.cl https://www.google.cm https://www.google.cn https://www.google.co.ao https://www.google.co.bw https://www.google.co.ck https://www.google.co.cr https://www.google.co.id https://www.google.co.il https://www.google.co.in https://www.google.co.jp https://www.google.co.ke https://www.google.co.kr https://www.google.co.ls https://www.google.co.ma https://www.google.co.mz https://www.google.co.nz https://www.google.co.th https://www.google.co.tz https://www.google.co.ug https://www.google.co.uk https://www.google.co.uz https://www.google.co.ve https://www.google.co.vi https://www.google.co.za https://www.google.co.zm https://www.google.co.zw https://www.google.com https://www.google.com.af https://www.google.com.ag https://www.google.com.ar https://www.google.com.au https://www.google.com.bd https://www.google.com.bh https://www.google.com.bn https://www.google.com.bo https://www.google.com.br https://www.google.com.bz https://www.google.com.co https://www.google.com.cu https://www.google.com.cy https://www.google.com.do https://www.google.com.ec https://www.google.com.eg https://www.google.com.et https://www.google.com.fj https://www.google.com.gh https://www.google.com.gi https://www.google.com.gt https://www.google.com.hk https://www.google.com.jm https://www.google.com.kh https://www.google.com.kw https://www.google.com.lb https://www.google.com.ly https://www.google.com.mm https://www.google.com.mt https://www.google.com.mx https://www.google.com.my https://www.google.com.na https://www.google.com.ng https://www.google.com.ni https://www.google.com.np https://www.google.com.om https://www.google.com.pa https://www.google.com.pe https://www.google.com.pg https://www.google.com.ph https://www.google.com.pk https://www.google.com.pr https://www.google.com.py https://www.google.com.qa https://www.google.com.sa https://www.google.com.sb https://www.google.com.sg https://www.google.com.sl https://www.google.com.sv https://www.google.com.tj https://www.google.com.tr https://www.google.com.tw https://www.google.com.ua https://www.google.com.uy https://www.google.com.vc https://www.google.com.vn https://www.google.cv https://www.google.cz https://www.google.de https://www.google.dj https://www.google.dk https://www.google.dm https://www.google.dz https://www.google.ee https://www.google.es https://www.google.fi https://www.google.fm https://www.google.fr https://www.google.ga https://www.google.ge https://www.google.gg https://www.google.gl https://www.google.gm https://www.google.gr https://www.google.gy https://www.google.hn https://www.google.hr https://www.google.ht https://www.google.hu https://www.google.ie https://www.google.im https://www.google.iq https://www.google.is https://www.google.it https://www.google.je https://www.google.jo https://www.google.kg https://www.google.ki https://www.google.kz https://www.google.la https://www.google.li https://www.google.lk https://www.google.lt https://www.google.lu https://www.google.lv https://www.google.md https://www.google.me https://www.google.mg https://www.google.mk https://www.google.ml https://www.google.mn https://www.google.mu https://www.google.mv https://www.google.mw https://www.google.ne https://www.google.nl https://www.google.no https://www.google.nr https://www.google.nu https://www.google.pl https://www.google.pn https://www.google.ps https://www.google.pt https://www.google.ro https://www.google.rs https://www.google.ru https://www.google.rw https://www.google.sc https://www.google.se https://www.google.sh https://www.google.si https://www.google.sk https://www.google.sm https://www.google.sn https://www.google.so https://www.google.sr https://www.google.st https://www.google.td https://www.google.tg https://www.google.tl https://www.google.tm https://www.google.tn https://www.google.to https://www.google.tt https://www.google.vu https://www.google.ws https://www.googleadservices.com https://www.googletagmanager.com; manifest-src 'self'; media-src 'self' https://local.tokenfactory.nebius.com:4443 https://static.nebius.com https://static.testing.nebius.com; upgrade-insecure-requests ; worker-src 'none';"],"stats":{"totalHigh":0,"totalMedium":21,"totalLow":122,"totalInfo":0},"recommendations":[{"title":"Wildcard in origin for sensitive directive","severity":"MEDIUM","directive":"script-src","source":"*.contentsquare.net","message":"It's best to minimize the locations from where sensitive content can be loaded from. A wildcard in a domain can open up the possibility of a number of tricky attacks including JSONP, redirects, insecure libs and more.","recommendation":"Restrict domains to the host if possible.","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Wildcard in origin for sensitive directive","severity":"MEDIUM","directive":"script-src","source":"https://*.googletagmanager.com","message":"It's best to minimize the locations from where sensitive content can be loaded from. A wildcard in a domain can open up the possibility of a number of tricky attacks including JSONP, redirects, insecure libs and more.","recommendation":"Restrict domains to the host if possible.","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Wildcard in origin for sensitive directive","severity":"MEDIUM","directive":"script-src","source":"https://*.hotjar.com","message":"It's best to minimize the locations from where sensitive content can be loaded from. A wildcard in a domain can open up the possibility of a number of tricky attacks including JSONP, redirects, insecure libs and more.","recommendation":"Restrict domains to the host if possible.","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Wildcard in origin for sensitive directive","severity":"MEDIUM","directive":"script-src","source":"https://*.hotjar.io","message":"It's best to minimize the locations from where sensitive content can be loaded from. A wildcard in a domain can open up the possibility of a number of tricky attacks including JSONP, redirects, insecure libs and more.","recommendation":"Restrict domains to the host if possible.","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Wildcard in origin for sensitive directive","severity":"MEDIUM","directive":"script-src","source":"https://*.hs-analytics.net","message":"It's best to minimize the locations from where sensitive content can be loaded from. A wildcard in a domain can open up the possibility of a number of tricky attacks including JSONP, redirects, insecure libs and more.","recommendation":"Restrict domains to the host if possible.","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Wildcard in origin for sensitive directive","severity":"MEDIUM","directive":"script-src","source":"https://*.hs-banner.com","message":"It's best to minimize the locations from where sensitive content can be loaded from. A wildcard in a domain can open up the possibility of a number of tricky attacks including JSONP, redirects, insecure libs and more.","recommendation":"Restrict domains to the host if possible.","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Wildcard in origin for sensitive directive","severity":"MEDIUM","directive":"script-src","source":"https://*.hs-scripts.com","message":"It's best to minimize the locations from where sensitive content can be loaded from. A wildcard in a domain can open up the possibility of a number of tricky attacks including JSONP, redirects, insecure libs and more.","recommendation":"Restrict domains to the host if possible.","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Wildcard in origin for sensitive directive","severity":"MEDIUM","directive":"script-src","source":"https://*.hsadspixel.net","message":"It's best to minimize the locations from where sensitive content can be loaded from. A wildcard in a domain can open up the possibility of a number of tricky attacks including JSONP, redirects, insecure libs and more.","recommendation":"Restrict domains to the host if possible.","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Wildcard in origin for sensitive directive","severity":"MEDIUM","directive":"script-src","source":"https://*.hsforms.com","message":"It's best to minimize the locations from where sensitive content can be loaded from. A wildcard in a domain can open up the possibility of a number of tricky attacks including JSONP, redirects, insecure libs and more.","recommendation":"Restrict domains to the host if possible.","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Wildcard in origin for sensitive directive","severity":"MEDIUM","directive":"script-src","source":"https://*.hsforms.net","message":"It's best to minimize the locations from where sensitive content can be loaded from. A wildcard in a domain can open up the possibility of a number of tricky attacks including JSONP, redirects, insecure libs and more.","recommendation":"Restrict domains to the host if possible.","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Missing path on source for sensitive directive","severity":"MEDIUM","directive":"script-src","source":"analytics.tiktok.com","message":"For sensitive directives, it's best to explicitly define the resource (including the path). This will help minimize attacks such as JSONP, redirects and other CSP bypasses.","recommendation":"For sensitive resources, explicitly define the full paths.","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Missing path on source for sensitive directive","severity":"MEDIUM","directive":"script-src","source":"app.contentsquare.com","message":"For sensitive directives, it's best to explicitly define the resource (including the path). This will help minimize attacks such as JSONP, redirects and other CSP bypasses.","recommendation":"For sensitive resources, explicitly define the full paths.","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Missing path on source for sensitive directive","severity":"MEDIUM","directive":"script-src","source":"https://browser.sentry-cdn.com","message":"For sensitive directives, it's best to explicitly define the resource (including the path). This will help minimize attacks such as JSONP, redirects and other CSP bypasses.","recommendation":"For sensitive resources, explicitly define the full paths.","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Missing path on source for sensitive directive","severity":"MEDIUM","directive":"script-src","source":"https://connect.facebook.net","message":"For sensitive directives, it's best to explicitly define the resource (including the path). This will help minimize attacks such as JSONP, redirects and other CSP bypasses.","recommendation":"For sensitive resources, explicitly define the full paths.","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Missing path on source for sensitive directive","severity":"MEDIUM","directive":"script-src","source":"https://js.stripe.com/","message":"For sensitive directives, it's best to explicitly define the resource (including the path). This will help minimize attacks such as JSONP, redirects and other CSP bypasses.","recommendation":"For sensitive resources, explicitly define the full paths.","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Missing path on source for sensitive directive","severity":"MEDIUM","directive":"script-src","source":"https://snap.licdn.com/","message":"For sensitive directives, it's best to explicitly define the resource (including the path). This will help minimize attacks such as JSONP, redirects and other CSP bypasses.","recommendation":"For sensitive resources, explicitly define the full paths.","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Missing path on source for sensitive directive","severity":"MEDIUM","directive":"script-src","source":"https://static.ads-twitter.com","message":"For sensitive directives, it's best to explicitly define the resource (including the path). This will help minimize attacks such as JSONP, redirects and other CSP bypasses.","recommendation":"For sensitive resources, explicitly define the full paths.","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Missing path on source for sensitive directive","severity":"MEDIUM","directive":"script-src","source":"https://www.google-analytics.com/","message":"For sensitive directives, it's best to explicitly define the resource (including the path). This will help minimize attacks such as JSONP, redirects and other CSP bypasses.","recommendation":"For sensitive resources, explicitly define the full paths.","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Missing path on source for sensitive directive","severity":"MEDIUM","directive":"script-src","source":"https://www.googletagmanager.com/","message":"For sensitive directives, it's best to explicitly define the resource (including the path). This will help minimize attacks such as JSONP, redirects and other CSP bypasses.","recommendation":"For sensitive resources, explicitly define the full paths.","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Missing path on source for sensitive directive","severity":"MEDIUM","directive":"script-src","source":"https://www.redditstatic.com","message":"For sensitive directives, it's best to explicitly define the resource (including the path). This will help minimize attacks such as JSONP, redirects and other CSP bypasses.","recommendation":"For sensitive resources, explicitly define the full paths.","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Missing reporting endpoint","severity":"MEDIUM","directive":"report-uri","source":"","message":"Reporting endpoints give website owners into when and where their CSP policy isn't working correctly.","recommendation":"Start using a reporting endpoint to capture and analyze your CSP violations. https://csper.io is a reporting endpoint.","docs":"https://csper.io/docs/report-uri","docsTitle":"report-uri"},{"title":"Unsafe usage of unsafe-inline on style-src","severity":"LOW","directive":"style-src","source":"'unsafe-inline'","message":"Using 'unsafe-inline' on style-src allows injection of CSS. This potentially leaves the website open to styling attacks and complex info leaks.","recommendation":"Remove 'unsafe-inline' from the style-src. This might require some refactoring.","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Duplicate or unnecessary source","severity":"LOW","directive":"style-src","source":"https://*.hotjar.com","message":"This source is repeated or unnecessary","recommendation":"Consider moving the extra source","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Duplicate or unnecessary source","severity":"LOW","directive":"style-src","source":"https://fonts.googleapis.com","message":"This source is repeated or unnecessary","recommendation":"Consider moving the extra source","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Duplicate or unnecessary source","severity":"LOW","directive":"style-src","source":"https://www.googletagmanager.com","message":"This source is repeated or unnecessary","recommendation":"Consider moving the extra source","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Duplicate or unnecessary source","severity":"LOW","directive":"connect-src","source":"https://www.google.cat","message":"This source is repeated or unnecessary","recommendation":"Consider moving the extra source","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Duplicate or unnecessary source","severity":"LOW","directive":"connect-src","source":"https://www.google.com.af","message":"This source is repeated or unnecessary","recommendation":"Consider moving the extra source","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Duplicate or unnecessary source","severity":"LOW","directive":"connect-src","source":"https://www.google.com.ag","message":"This source is repeated or unnecessary","recommendation":"Consider moving the extra source","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Duplicate or unnecessary source","severity":"LOW","directive":"connect-src","source":"https://www.google.com.ar","message":"This source is repeated or unnecessary","recommendation":"Consider moving the extra source","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Duplicate or unnecessary source","severity":"LOW","directive":"connect-src","source":"https://www.google.com.au","message":"This source is repeated or unnecessary","recommendation":"Consider moving the extra source","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Duplicate or unnecessary source","severity":"LOW","directive":"connect-src","source":"https://www.google.com.bd","message":"This source is repeated or unnecessary","recommendation":"Consider moving the extra source","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Duplicate or unnecessary source","severity":"LOW","directive":"connect-src","source":"https://www.google.com.bh","message":"This source is repeated or unnecessary","recommendation":"Consider moving the extra source","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Duplicate or unnecessary source","severity":"LOW","directive":"connect-src","source":"https://www.google.com.bn","message":"This source is repeated or unnecessary","recommendation":"Consider moving the extra source","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Duplicate or unnecessary source","severity":"LOW","directive":"connect-src","source":"https://www.google.com.bo","message":"This source is repeated or unnecessary","recommendation":"Consider moving the extra source","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Duplicate or unnecessary source","severity":"LOW","directive":"connect-src","source":"https://www.google.com.br","message":"This source is repeated or unnecessary","recommendation":"Consider moving the extra source","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Duplicate or unnecessary source","severity":"LOW","directive":"connect-src","source":"https://www.google.com.bz","message":"This source is repeated or unnecessary","recommendation":"Consider moving the extra source","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Duplicate or unnecessary source","severity":"LOW","directive":"connect-src","source":"https://www.google.com.co","message":"This source is repeated or unnecessary","recommendation":"Consider moving the extra source","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Duplicate or unnecessary source","severity":"LOW","directive":"connect-src","source":"https://www.google.com.cu","message":"This source is repeated or unnecessary","recommendation":"Consider moving the extra source","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Duplicate or unnecessary source","severity":"LOW","directive":"connect-src","source":"https://www.google.com.cy","message":"This source is repeated or unnecessary","recommendation":"Consider moving the extra source","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Duplicate or unnecessary source","severity":"LOW","directive":"connect-src","source":"https://www.google.com.do","message":"This source is repeated or unnecessary","recommendation":"Consider moving the extra source","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Duplicate or unnecessary source","severity":"LOW","directive":"connect-src","source":"https://www.google.com.ec","message":"This source is repeated or unnecessary","recommendation":"Consider moving the extra source","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Duplicate or unnecessary source","severity":"LOW","directive":"connect-src","source":"https://www.google.com.eg","message":"This source is repeated or unnecessary","recommendation":"Consider moving the extra source","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Duplicate or unnecessary source","severity":"LOW","directive":"connect-src","source":"https://www.google.com.et","message":"This source is repeated or unnecessary","recommendation":"Consider moving the extra source","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Duplicate or unnecessary source","severity":"LOW","directive":"connect-src","source":"https://www.google.com.fj","message":"This source is repeated or unnecessary","recommendation":"Consider moving the extra source","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Duplicate or unnecessary source","severity":"LOW","directive":"connect-src","source":"https://www.google.com.gh","message":"This source is repeated or unnecessary","recommendation":"Consider moving the extra source","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Duplicate or unnecessary source","severity":"LOW","directive":"connect-src","source":"https://www.google.com.gi","message":"This source is repeated or unnecessary","recommendation":"Consider moving the extra source","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Duplicate or unnecessary source","severity":"LOW","directive":"connect-src","source":"https://www.google.com.gt","message":"This source is repeated or unnecessary","recommendation":"Consider moving the extra source","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Duplicate or unnecessary source","severity":"LOW","directive":"connect-src","source":"https://www.google.com.hk","message":"This source is repeated or unnecessary","recommendation":"Consider moving the extra source","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Duplicate or unnecessary source","severity":"LOW","directive":"connect-src","source":"https://www.google.com.jm","message":"This source is repeated or unnecessary","recommendation":"Consider moving the extra source","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Duplicate or unnecessary source","severity":"LOW","directive":"connect-src","source":"https://www.google.com.kh","message":"This source is repeated or unnecessary","recommendation":"Consider moving the extra source","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Duplicate or unnecessary source","severity":"LOW","directive":"connect-src","source":"https://www.google.com.kw","message":"This source is repeated or unnecessary","recommendation":"Consider moving the extra source","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Duplicate or unnecessary source","severity":"LOW","directive":"connect-src","source":"https://www.google.com.lb","message":"This source is repeated or unnecessary","recommendation":"Consider moving the extra source","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Duplicate or unnecessary source","severity":"LOW","directive":"connect-src","source":"https://www.google.com.ly","message":"This source is repeated or unnecessary","recommendation":"Consider moving the extra source","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Duplicate or unnecessary source","severity":"LOW","directive":"connect-src","source":"https://www.google.com.mm","message":"This source is repeated or unnecessary","recommendation":"Consider moving the extra source","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Duplicate or unnecessary source","severity":"LOW","directive":"connect-src","source":"https://www.google.com.mt","message":"This source is repeated or unnecessary","recommendation":"Consider moving the extra source","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Duplicate or unnecessary source","severity":"LOW","directive":"connect-src","source":"https://www.google.com.mx","message":"This source is repeated or unnecessary","recommendation":"Consider moving the extra source","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Duplicate or unnecessary source","severity":"LOW","directive":"connect-src","source":"https://www.google.com.my","message":"This source is repeated or unnecessary","recommendation":"Consider moving the extra source","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Duplicate or unnecessary source","severity":"LOW","directive":"connect-src","source":"https://www.google.com.na","message":"This source is repeated or unnecessary","recommendation":"Consider moving the extra source","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Duplicate or unnecessary source","severity":"LOW","directive":"connect-src","source":"https://www.google.com.ng","message":"This source is repeated or unnecessary","recommendation":"Consider moving the extra source","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Duplicate or unnecessary source","severity":"LOW","directive":"connect-src","source":"https://www.google.com.ni","message":"This source is repeated or unnecessary","recommendation":"Consider moving the extra source","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Duplicate or unnecessary source","severity":"LOW","directive":"connect-src","source":"https://www.google.com.np","message":"This source is repeated or unnecessary","recommendation":"Consider moving the extra source","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Duplicate or unnecessary source","severity":"LOW","directive":"connect-src","source":"https://www.google.com.om","message":"This source is repeated or unnecessary","recommendation":"Consider moving the extra source","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Duplicate or unnecessary source","severity":"LOW","directive":"connect-src","source":"https://www.google.com.pa","message":"This source is repeated or unnecessary","recommendation":"Consider moving the extra source","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Duplicate or unnecessary source","severity":"LOW","directive":"connect-src","source":"https://www.google.com.pe","message":"This source is repeated or unnecessary","recommendation":"Consider moving the extra source","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Duplicate or unnecessary source","severity":"LOW","directive":"connect-src","source":"https://www.google.com.pg","message":"This source is repeated or unnecessary","recommendation":"Consider moving the extra source","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Duplicate or unnecessary source","severity":"LOW","directive":"connect-src","source":"https://www.google.com.ph","message":"This source is repeated or unnecessary","recommendation":"Consider moving the extra source","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Duplicate or unnecessary source","severity":"LOW","directive":"connect-src","source":"https://www.google.com.pk","message":"This source is repeated or unnecessary","recommendation":"Consider moving the extra source","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Duplicate or unnecessary source","severity":"LOW","directive":"connect-src","source":"https://www.google.com.pr","message":"This source is repeated or unnecessary","recommendation":"Consider moving the extra source","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Duplicate or unnecessary source","severity":"LOW","directive":"connect-src","source":"https://www.google.com.py","message":"This source is repeated or unnecessary","recommendation":"Consider moving the extra source","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Duplicate or unnecessary source","severity":"LOW","directive":"connect-src","source":"https://www.google.com.qa","message":"This source is repeated or unnecessary","recommendation":"Consider moving the extra source","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Duplicate or unnecessary source","severity":"LOW","directive":"connect-src","source":"https://www.google.com.sa","message":"This source is repeated or unnecessary","recommendation":"Consider moving the extra source","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Duplicate or unnecessary source","severity":"LOW","directive":"connect-src","source":"https://www.google.com.sb","message":"This source is repeated or unnecessary","recommendation":"Consider moving the extra source","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Duplicate or unnecessary source","severity":"LOW","directive":"connect-src","source":"https://www.google.com.sg","message":"This source is repeated or unnecessary","recommendation":"Consider moving the extra source","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Duplicate or unnecessary source","severity":"LOW","directive":"connect-src","source":"https://www.google.com.sl","message":"This source is repeated or unnecessary","recommendation":"Consider moving the extra source","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Duplicate or unnecessary source","severity":"LOW","directive":"connect-src","source":"https://www.google.com.sv","message":"This source is repeated or unnecessary","recommendation":"Consider moving the extra source","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Duplicate or unnecessary source","severity":"LOW","directive":"connect-src","source":"https://www.google.com.tj","message":"This source is repeated or unnecessary","recommendation":"Consider moving the extra source","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Duplicate or unnecessary source","severity":"LOW","directive":"connect-src","source":"https://www.google.com.tr","message":"This source is repeated or unnecessary","recommendation":"Consider moving the extra source","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Duplicate or unnecessary source","severity":"LOW","directive":"connect-src","source":"https://www.google.com.tw","message":"This source is repeated or unnecessary","recommendation":"Consider moving the extra source","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Duplicate or unnecessary source","severity":"LOW","directive":"connect-src","source":"https://www.google.com.ua","message":"This source is repeated or unnecessary","recommendation":"Consider moving the extra source","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Duplicate or unnecessary source","severity":"LOW","directive":"connect-src","source":"https://www.google.com.uy","message":"This source is repeated or unnecessary","recommendation":"Consider moving the extra source","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Duplicate or unnecessary source","severity":"LOW","directive":"connect-src","source":"https://www.google.com.vc","message":"This source is repeated or unnecessary","recommendation":"Consider moving the extra source","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Duplicate or unnecessary source","severity":"LOW","directive":"connect-src","source":"https://www.google.com.vn","message":"This source is repeated or unnecessary","recommendation":"Consider moving the extra source","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Duplicate or unnecessary source","severity":"LOW","directive":"font-src","source":"https://*.hotjar.com","message":"This source is repeated or unnecessary","recommendation":"Consider moving the extra source","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Duplicate or unnecessary source","severity":"LOW","directive":"font-src","source":"https://fonts.gstatic.com","message":"This source is repeated or unnecessary","recommendation":"Consider moving the extra source","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Duplicate or unnecessary source","severity":"LOW","directive":"img-src","source":"https://www.google.cat","message":"This source is repeated or unnecessary","recommendation":"Consider moving the extra source","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Duplicate or unnecessary source","severity":"LOW","directive":"img-src","source":"https://www.google.com.af","message":"This source is repeated or unnecessary","recommendation":"Consider moving the extra source","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Duplicate or unnecessary source","severity":"LOW","directive":"img-src","source":"https://www.google.com.ag","message":"This source is repeated or unnecessary","recommendation":"Consider moving the extra source","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Duplicate or unnecessary source","severity":"LOW","directive":"img-src","source":"https://www.google.com.ar","message":"This source is repeated or unnecessary","recommendation":"Consider moving the extra source","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Duplicate or unnecessary source","severity":"LOW","directive":"img-src","source":"https://www.google.com.au","message":"This source is repeated or unnecessary","recommendation":"Consider moving the extra source","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Duplicate or unnecessary source","severity":"LOW","directive":"img-src","source":"https://www.google.com.bd","message":"This source is repeated or unnecessary","recommendation":"Consider moving the extra source","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Duplicate or unnecessary source","severity":"LOW","directive":"img-src","source":"https://www.google.com.bh","message":"This source is repeated or unnecessary","recommendation":"Consider moving the extra source","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Duplicate or unnecessary source","severity":"LOW","directive":"img-src","source":"https://www.google.com.bn","message":"This source is repeated or unnecessary","recommendation":"Consider moving the extra source","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Duplicate or unnecessary source","severity":"LOW","directive":"img-src","source":"https://www.google.com.bo","message":"This source is repeated or unnecessary","recommendation":"Consider moving the extra source","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Duplicate or unnecessary source","severity":"LOW","directive":"img-src","source":"https://www.google.com.br","message":"This source is repeated or unnecessary","recommendation":"Consider moving the extra source","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Duplicate or unnecessary source","severity":"LOW","directive":"img-src","source":"https://www.google.com.bz","message":"This source is repeated or unnecessary","recommendation":"Consider moving the extra source","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Duplicate or unnecessary source","severity":"LOW","directive":"img-src","source":"https://www.google.com.co","message":"This source is repeated or unnecessary","recommendation":"Consider moving the extra source","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Duplicate or unnecessary source","severity":"LOW","directive":"img-src","source":"https://www.google.com.cu","message":"This source is repeated or unnecessary","recommendation":"Consider moving the extra source","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Duplicate or unnecessary source","severity":"LOW","directive":"img-src","source":"https://www.google.com.cy","message":"This source is repeated or unnecessary","recommendation":"Consider moving the extra source","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Duplicate or unnecessary source","severity":"LOW","directive":"img-src","source":"https://www.google.com.do","message":"This source is repeated or unnecessary","recommendation":"Consider moving the extra source","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Duplicate or unnecessary source","severity":"LOW","directive":"img-src","source":"https://www.google.com.ec","message":"This source is repeated or unnecessary","recommendation":"Consider moving the extra source","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Duplicate or unnecessary source","severity":"LOW","directive":"img-src","source":"https://www.google.com.eg","message":"This source is repeated or unnecessary","recommendation":"Consider moving the extra source","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Duplicate or unnecessary source","severity":"LOW","directive":"img-src","source":"https://www.google.com.et","message":"This source is repeated or unnecessary","recommendation":"Consider moving the extra source","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Duplicate or unnecessary source","severity":"LOW","directive":"img-src","source":"https://www.google.com.fj","message":"This source is repeated or unnecessary","recommendation":"Consider moving the extra source","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Duplicate or unnecessary source","severity":"LOW","directive":"img-src","source":"https://www.google.com.gh","message":"This source is repeated or unnecessary","recommendation":"Consider moving the extra source","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Duplicate or unnecessary source","severity":"LOW","directive":"img-src","source":"https://www.google.com.gi","message":"This source is repeated or unnecessary","recommendation":"Consider moving the extra source","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Duplicate or unnecessary source","severity":"LOW","directive":"img-src","source":"https://www.google.com.gt","message":"This source is repeated or unnecessary","recommendation":"Consider moving the extra source","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Duplicate or unnecessary source","severity":"LOW","directive":"img-src","source":"https://www.google.com.hk","message":"This source is repeated or unnecessary","recommendation":"Consider moving the extra source","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Duplicate or unnecessary source","severity":"LOW","directive":"img-src","source":"https://www.google.com.jm","message":"This source is repeated or unnecessary","recommendation":"Consider moving the extra source","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Duplicate or unnecessary source","severity":"LOW","directive":"img-src","source":"https://www.google.com.kh","message":"This source is repeated or unnecessary","recommendation":"Consider moving the extra source","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Duplicate or unnecessary source","severity":"LOW","directive":"img-src","source":"https://www.google.com.kw","message":"This source is repeated or unnecessary","recommendation":"Consider moving the extra source","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Duplicate or unnecessary source","severity":"LOW","directive":"img-src","source":"https://www.google.com.lb","message":"This source is repeated or unnecessary","recommendation":"Consider moving the extra source","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Duplicate or unnecessary source","severity":"LOW","directive":"img-src","source":"https://www.google.com.ly","message":"This source is repeated or unnecessary","recommendation":"Consider moving the extra source","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Duplicate or unnecessary source","severity":"LOW","directive":"img-src","source":"https://www.google.com.mm","message":"This source is repeated or unnecessary","recommendation":"Consider moving the extra source","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Duplicate or unnecessary source","severity":"LOW","directive":"img-src","source":"https://www.google.com.mt","message":"This source is repeated or unnecessary","recommendation":"Consider moving the extra source","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Duplicate or unnecessary source","severity":"LOW","directive":"img-src","source":"https://www.google.com.mx","message":"This source is repeated or unnecessary","recommendation":"Consider moving the extra source","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Duplicate or unnecessary source","severity":"LOW","directive":"img-src","source":"https://www.google.com.my","message":"This source is repeated or unnecessary","recommendation":"Consider moving the extra source","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Duplicate or unnecessary source","severity":"LOW","directive":"img-src","source":"https://www.google.com.na","message":"This source is repeated or unnecessary","recommendation":"Consider moving the extra source","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Duplicate or unnecessary source","severity":"LOW","directive":"img-src","source":"https://www.google.com.ng","message":"This source is repeated or unnecessary","recommendation":"Consider moving the extra source","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Duplicate or unnecessary source","severity":"LOW","directive":"img-src","source":"https://www.google.com.ni","message":"This source is repeated or unnecessary","recommendation":"Consider moving the extra source","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Duplicate or unnecessary source","severity":"LOW","directive":"img-src","source":"https://www.google.com.np","message":"This source is repeated or unnecessary","recommendation":"Consider moving the extra source","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Duplicate or unnecessary source","severity":"LOW","directive":"img-src","source":"https://www.google.com.om","message":"This source is repeated or unnecessary","recommendation":"Consider moving the extra source","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Duplicate or unnecessary source","severity":"LOW","directive":"img-src","source":"https://www.google.com.pa","message":"This source is repeated or unnecessary","recommendation":"Consider moving the extra source","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Duplicate or unnecessary source","severity":"LOW","directive":"img-src","source":"https://www.google.com.pe","message":"This source is repeated or unnecessary","recommendation":"Consider moving the extra source","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Duplicate or unnecessary source","severity":"LOW","directive":"img-src","source":"https://www.google.com.pg","message":"This source is repeated or unnecessary","recommendation":"Consider moving the extra source","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Duplicate or unnecessary source","severity":"LOW","directive":"img-src","source":"https://www.google.com.ph","message":"This source is repeated or unnecessary","recommendation":"Consider moving the extra source","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Duplicate or unnecessary source","severity":"LOW","directive":"img-src","source":"https://www.google.com.pk","message":"This source is repeated or unnecessary","recommendation":"Consider moving the extra source","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Duplicate or unnecessary source","severity":"LOW","directive":"img-src","source":"https://www.google.com.pr","message":"This source is repeated or unnecessary","recommendation":"Consider moving the extra source","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Duplicate or unnecessary source","severity":"LOW","directive":"img-src","source":"https://www.google.com.py","message":"This source is repeated or unnecessary","recommendation":"Consider moving the extra source","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Duplicate or unnecessary source","severity":"LOW","directive":"img-src","source":"https://www.google.com.qa","message":"This source is repeated or unnecessary","recommendation":"Consider moving the extra source","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Duplicate or unnecessary source","severity":"LOW","directive":"img-src","source":"https://www.google.com.sa","message":"This source is repeated or unnecessary","recommendation":"Consider moving the extra source","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Duplicate or unnecessary source","severity":"LOW","directive":"img-src","source":"https://www.google.com.sb","message":"This source is repeated or unnecessary","recommendation":"Consider moving the extra source","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Duplicate or unnecessary source","severity":"LOW","directive":"img-src","source":"https://www.google.com.sg","message":"This source is repeated or unnecessary","recommendation":"Consider moving the extra source","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Duplicate or unnecessary source","severity":"LOW","directive":"img-src","source":"https://www.google.com.sl","message":"This source is repeated or unnecessary","recommendation":"Consider moving the extra source","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Duplicate or unnecessary source","severity":"LOW","directive":"img-src","source":"https://www.google.com.sv","message":"This source is repeated or unnecessary","recommendation":"Consider moving the extra source","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Duplicate or unnecessary source","severity":"LOW","directive":"img-src","source":"https://www.google.com.tj","message":"This source is repeated or unnecessary","recommendation":"Consider moving the extra source","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Duplicate or unnecessary source","severity":"LOW","directive":"img-src","source":"https://www.google.com.tr","message":"This source is repeated or unnecessary","recommendation":"Consider moving the extra source","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Duplicate or unnecessary source","severity":"LOW","directive":"img-src","source":"https://www.google.com.tw","message":"This source is repeated or unnecessary","recommendation":"Consider moving the extra source","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Duplicate or unnecessary source","severity":"LOW","directive":"img-src","source":"https://www.google.com.ua","message":"This source is repeated or unnecessary","recommendation":"Consider moving the extra source","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Duplicate or unnecessary source","severity":"LOW","directive":"img-src","source":"https://www.google.com.uy","message":"This source is repeated or unnecessary","recommendation":"Consider moving the extra source","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Duplicate or unnecessary source","severity":"LOW","directive":"img-src","source":"https://www.google.com.vc","message":"This source is repeated or unnecessary","recommendation":"Consider moving the extra source","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Duplicate or unnecessary source","severity":"LOW","directive":"img-src","source":"https://www.google.com.vn","message":"This source is repeated or unnecessary","recommendation":"Consider moving the extra source","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Missing 'report-sample'","severity":"LOW","directive":"script-src","source":"report-sample","message":"'report-sample' is a keyword that instructs the browser to include the first 40 characters of the violating inline resource in the report-uri violation report. This can greatly help debug which resources are causing a violation.","recommendation":"Consider adding 'report-sample' to the directive group (script-src/style-src).","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Missing 'report-sample'","severity":"LOW","directive":"style-src","source":"report-sample","message":"'report-sample' is a keyword that instructs the browser to include the first 40 characters of the violating inline resource in the report-uri violation report. This can greatly help debug which resources are causing a violation.","recommendation":"Consider adding 'report-sample' to the directive group (script-src/style-src).","docs":"https://csper.io/docs/sources","docsTitle":"sources"}]},{"id":"69d8dbc95e323d879b758071","ts":"2026-04-10T11:15:21.64Z","ProjectID":"000000000000000000000000","PolicyID":"000000000000000000000000","isURL":true,"URL":"https://register.pfxselect.com/#/Registration","isHidden":false,"parsedPolicy":{"policy":"default-src 'self'; connect-src 'self' https://pfxselect.com https://hexacthost.danfoss.com/HeAuth/api https://hexacthost.danfoss.com/HeAuth/api/account/VerifyEmail https://hexacthost.danfoss.com/HeAuth/api/account/armPreRegister https://hexacthost.danfoss.com/HeAuth/api/account/resetPassword https://hexacthost.danfoss.com/HeAuth/api/account/armPreResetPassword https://hexacthost.danfoss.com/HeAuth/api/account/armRegister https://hexacthost.danfoss.com/HeAuth/Token; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline';","directives":{"connect-src":["'self'","https://hexacthost.danfoss.com/HeAuth/Token","https://hexacthost.danfoss.com/HeAuth/api","https://hexacthost.danfoss.com/HeAuth/api/account/VerifyEmail","https://hexacthost.danfoss.com/HeAuth/api/account/armPreRegister","https://hexacthost.danfoss.com/HeAuth/api/account/armPreResetPassword","https://hexacthost.danfoss.com/HeAuth/api/account/armRegister","https://hexacthost.danfoss.com/HeAuth/api/account/resetPassword","https://pfxselect.com"],"default-src":["'self'"],"script-src":["'self'","'unsafe-inline'"],"style-src":["'self'","'unsafe-inline'"]},"directiveOrder":["default-src","connect-src","script-src","style-src"],"disposition":"enforce","delivery":"meta","sourceMapping":{"'self'":"keyword-source","'unsafe-inline'":"keyword-source","https://hexacthost.danfoss.com/HeAuth/Token":"host-source","https://hexacthost.danfoss.com/HeAuth/api":"host-source","https://hexacthost.danfoss.com/HeAuth/api/account/VerifyEmail":"host-source","https://hexacthost.danfoss.com/HeAuth/api/account/armPreRegister":"host-source","https://hexacthost.danfoss.com/HeAuth/api/account/armPreResetPassword":"host-source","https://hexacthost.danfoss.com/HeAuth/api/account/armRegister":"host-source","https://hexacthost.danfoss.com/HeAuth/api/account/resetPassword":"host-source","https://pfxselect.com":"host-source"}},"disposition":"enforce","source":"meta","policies":["default-src 'self'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; connect-src 'self' https://hexacthost.danfoss.com/HeAuth/Token https://hexacthost.danfoss.com/HeAuth/api https://hexacthost.danfoss.com/HeAuth/api/account/VerifyEmail https://hexacthost.danfoss.com/HeAuth/api/account/armPreRegister https://hexacthost.danfoss.com/HeAuth/api/account/armPreResetPassword https://hexacthost.danfoss.com/HeAuth/api/account/armRegister https://hexacthost.danfoss.com/HeAuth/api/account/resetPassword https://pfxselect.com;"],"stats":{"totalHigh":1,"totalMedium":3,"totalLow":9,"totalInfo":0},"recommendations":[{"title":"Usage of unsafe-inline on script-src","severity":"HIGH","directive":"script-src","source":"'unsafe-inline'","message":"The usage of 'unsafe-inline' negates the primary CSP protection against XSS.","recommendation":"Remove 'unsafe-inline'. This will probably require a refactoring of code.","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Missing reporting endpoint","severity":"MEDIUM","directive":"report-uri","source":"","message":"Reporting endpoints give website owners into when and where their CSP policy isn't working correctly.","recommendation":"Start using a reporting endpoint to capture and analyze your CSP violations. https://csper.io is a reporting endpoint.","docs":"https://csper.io/docs/report-uri","docsTitle":"report-uri"},{"title":"Missing object-src (with non-restrictive default-src)","severity":"MEDIUM","directive":"object-src","source":"","message":"object-src is a sensitive directive that may allow XSS (or similar) if missing.","recommendation":"Set object-src to 'none' or the bare minimum necessary.","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Missing base-uri","severity":"MEDIUM","directive":"base-uri","source":"","message":"If an attacker is able to inject into the \u003chead\u003e of the document, they can spoof a different base-uri resulting in an XSS.","recommendation":"Set base-uri to 'self' or 'none' if possible. base-uri does not fall back to default-src.","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Duplicate or unnecessary source","severity":"LOW","directive":"connect-src","source":"https://hexacthost.danfoss.com/HeAuth/api/account/VerifyEmail","message":"This source is repeated or unnecessary","recommendation":"Consider moving the extra source","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Missing form-action","severity":"LOW","directive":"form-action","source":"","message":"There's no defiend form-action. Sometimes form-action abuse can be used to smuggle tokens and other sensitive information out of a page.","recommendation":"Set form-action to 'none' or 'self', or the the most restrictive possible.","docs":"https://csper.io/docs/directives","docsTitle":"directives"},{"title":"Unsafe usage of unsafe-inline on style-src","severity":"LOW","directive":"style-src","source":"'unsafe-inline'","message":"Using 'unsafe-inline' on style-src allows injection of CSS. This potentially leaves the website open to styling attacks and complex info leaks.","recommendation":"Remove 'unsafe-inline' from the style-src. This might require some refactoring.","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Duplicate or unnecessary source","severity":"LOW","directive":"connect-src","source":"https://hexacthost.danfoss.com/HeAuth/api/account/armPreRegister","message":"This source is repeated or unnecessary","recommendation":"Consider moving the extra source","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Duplicate or unnecessary source","severity":"LOW","directive":"connect-src","source":"https://hexacthost.danfoss.com/HeAuth/api/account/armPreResetPassword","message":"This source is repeated or unnecessary","recommendation":"Consider moving the extra source","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Duplicate or unnecessary source","severity":"LOW","directive":"connect-src","source":"https://hexacthost.danfoss.com/HeAuth/api/account/armRegister","message":"This source is repeated or unnecessary","recommendation":"Consider moving the extra source","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Duplicate or unnecessary source","severity":"LOW","directive":"connect-src","source":"https://hexacthost.danfoss.com/HeAuth/api/account/resetPassword","message":"This source is repeated or unnecessary","recommendation":"Consider moving the extra source","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Missing 'report-sample'","severity":"LOW","directive":"script-src","source":"report-sample","message":"'report-sample' is a keyword that instructs the browser to include the first 40 characters of the violating inline resource in the report-uri violation report. This can greatly help debug which resources are causing a violation.","recommendation":"Consider adding 'report-sample' to the directive group (script-src/style-src).","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Missing 'report-sample'","severity":"LOW","directive":"style-src","source":"report-sample","message":"'report-sample' is a keyword that instructs the browser to include the first 40 characters of the violating inline resource in the report-uri violation report. This can greatly help debug which resources are causing a violation.","recommendation":"Consider adding 'report-sample' to the directive group (script-src/style-src).","docs":"https://csper.io/docs/sources","docsTitle":"sources"}]},{"id":"69d8db8ebb3094b4229b6383","ts":"2026-04-10T11:14:22.407Z","ProjectID":"000000000000000000000000","PolicyID":"000000000000000000000000","isURL":true,"URL":"https://www.pmi.com","isHidden":false,"parsedPolicy":{"policy":"default-src 'none'; font-src 'self' data: *.cloudfront.net *.nr-data.net *.newrelic.com *.gstatic.com *.googleapis.com *.adobeaemcloud.com *.pmigcpes.com https://use.typekit.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://*.googletagmanager.com https://*.coveo.com https://lb-1.eu-west-1.mulesoft-cloudhub-nonprod.pmideep.com https://apis.google.com https://maps.googleapis.com *.gigya.com https://live-chat-static.sprinklr.com https://prod-live-chat.sprinklr.com  *.nr-data.net *.newrelic.com https://www.google-analytics.com https://dnsl4xr6unrmf.cloudfront.net https://cdn.cookielaw.org https://www.youtube.com https://www.googletagmanager.com https://code.jquery.com https://ajax.googleapis.com https://s3.amazonaws.com *.gigya.com https://prod-live-chat.sprinklr.com *.adobeaemcloud.com *.pmicom.pmigcpes.com; style-src 'self' 'unsafe-inline' https://www.pmi.com https://*.coveo.com https://www.googletagmanager.com https://cdn.cookielaw.org https://fonts.googleapis.com https://s3.amazonaws.com *.adobeaemcloud.com *.pmicom.pmigcpes.com https://use.typekit.net; img-src 'self' data: blob: *.linkedin.com https://*.google-analytics.com https://*.googletagmanager.com https://www.pmi.com https://maps.gstatic.com/ https://cdns.eu1.gigya.com https://8476719.fls.doubleclick.net https://i.ytimg.com https://sprcdn-assets.sprinklr.com https://cdns1.gigya.com https://marlboro-germany.videomarketingplatform.co https://www.facebook.com https://www.google.es https://www.google.ch https://i.ytimg.com https://cdns2.gigya.com https://www.google.rs https://jslog.krxd.net https://beacon.krxd.net *.gigya.com https://www.google.nl https://proserve-microexperiences.s3.amazonaws.com https://www.google.com https://www.google.pl https://www.google-analytics.com https://dev.day.com https://cdn.cookielaw.org https://www.google.com.tr https://www.google.com.ua https://www.googletagmanager.com https://s3.amazonaws.com https://cdn.wyng.com *.cloudfront.net *.adobeaemcloud.com *.pmicom.pmigcpes.com *.stopillegal.com/; connect-src 'self' https://*.go-mpulse.net https://www.googletagmanager.com *.crwdcntrl.net *.linkedin.com *.qualtrics.com https://www.google.com https://lottie.host https://*.coveo.com *.treasuredata.com https://www.gstatic.com *.nr-data.net https://js-agent.newrelic.com https://lb-1.eu-west-1.mulesoft-cloudhub-nonprod.pmideep.com https://maps.googleapis.com *.google-analytics.com https://cookies-data.onetrust.io https://beacon.krxd.net https://jslog.krxd.net https://prod-live-chat.sprinklr.com https://live-chat-static.sprinklr.com https://*.gigya.com wss://prod-lc-mqtt-nike.sprinklr.com https://www.google-analytics.com https://stats.g.doubleclick.net https://services-api.wyng.com https://experiences.wyng.com https://ajax.googleapis.com https://api.offerpop.com https://api.wyng.com https://content-api.wyng.com https://wyng.io https://cdn.cookielaw.org https://geolocation.onetrust.com https://pmi-prod-privacy.my.onetrust.com https://cdn.plyr.io https://noembed.com/embed https://unpkg.com https://cdn.jsdelivr.net *.pmigpes.com https://analytics.google.com https://*.gbqofs.io https://ad.doubleclick.net; frame-src 'self' *.crwdcntrl.net https://pmi.com https://www.pmi.com https://video.pmi.com https://www.google.com https://marlboro-germany.videomarketingplatform.co https://www.facebook.com https://www.youtube.com https://*.gigya.com https://cdn.krxd.net https://8476719.fls.doubleclick.net https://www.youtube-nocookie.com https://cdn.cookielaw.org https://language-mastercomms.23video.com https://globalcomms.23video.com https://global-comms-new-workspace.twentythree.com https://philipmorrisinternational.gcs-web.com *.doubleclick.net; script-src-elem 'self' 'unsafe-inline' *.qualtrics.com *.crwdcntrl.net *.licdn.com https://video.pmi.com https://unpkg.com/ https://*.coveo.com https://www.google.com https://www.gstatic.com *.treasuredata.com https://www.gstatic.com https://cdns.eu1.gigya.com *.nr-data.net https://js-agent.newrelic.com https://connect.facebook.net https://apis.google.com https://lb-1.eu-west-1.mulesoft-cloudhub-nonprod.pmideep.com https://maps.googleapis.com https://spx-components.cdn.sprinklr.com https://s3.amazonaws.com https://ajax.googleapis.com *.cloudfront.net https://prod-live-chat.sprinklr.com https://beacon.krxd.net https://live-chat-static.sprinklr.com https://cdns.gigya.com https://consumer.krxd.net https://cdn.krxd.net https://cdn.cookielaw.org https://code.jquery.com https://www.google-analytics.com https://www.googletagmanager.com https://www.youtube.com *.adobeaemcloud.com *.pmicom.pmigcpes.com https://*.gbqofs.com https://analytics.google.com https://*.go-mpulse.net; media-src 'self' https://proserve-microexperiences.s3.amazonaws.com https://sprcdn-assets.sprinklr.com https://cdn.wyng.com https://video.twentythree.com https://delivery.twentythree.com https://www.googletagmanager.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://www.pmi.com; manifest-src 'self'; frame-ancestors 'self' https://www.google.com https://www.recaptcha.net","directives":{"connect-src":["'self'","*.crwdcntrl.net","*.google-analytics.com","*.linkedin.com","*.nr-data.net","*.pmigpes.com","*.qualtrics.com","*.treasuredata.com","https://*.coveo.com","https://*.gbqofs.io","https://*.gigya.com","https://*.go-mpulse.net","https://ad.doubleclick.net","https://ajax.googleapis.com","https://analytics.google.com","https://api.offerpop.com","https://api.wyng.com","https://beacon.krxd.net","https://cdn.cookielaw.org","https://cdn.jsdelivr.net","https://cdn.plyr.io","https://content-api.wyng.com","https://cookies-data.onetrust.io","https://experiences.wyng.com","https://geolocation.onetrust.com","https://js-agent.newrelic.com","https://jslog.krxd.net","https://lb-1.eu-west-1.mulesoft-cloudhub-nonprod.pmideep.com","https://live-chat-static.sprinklr.com","https://lottie.host","https://maps.googleapis.com","https://noembed.com/embed","https://pmi-prod-privacy.my.onetrust.com","https://prod-live-chat.sprinklr.com","https://services-api.wyng.com","https://stats.g.doubleclick.net","https://unpkg.com","https://www.google-analytics.com","https://www.google.com","https://www.googletagmanager.com","https://www.gstatic.com","https://wyng.io","wss://prod-lc-mqtt-nike.sprinklr.com"],"default-src":["'none'"],"font-src":["'self'","*.adobeaemcloud.com","*.cloudfront.net","*.googleapis.com","*.gstatic.com","*.newrelic.com","*.nr-data.net","*.pmigcpes.com","data:","https://use.typekit.net"],"frame-ancestors":["'self'","https://www.google.com","https://www.recaptcha.net"],"frame-src":["'self'","*.crwdcntrl.net","*.doubleclick.net","https://*.gigya.com","https://8476719.fls.doubleclick.net","https://cdn.cookielaw.org","https://cdn.krxd.net","https://global-comms-new-workspace.twentythree.com","https://globalcomms.23video.com","https://language-mastercomms.23video.com","https://marlboro-germany.videomarketingplatform.co","https://philipmorrisinternational.gcs-web.com","https://pmi.com","https://video.pmi.com","https://www.facebook.com","https://www.google.com","https://www.pmi.com","https://www.youtube-nocookie.com","https://www.youtube.com"],"img-src":["'self'","*.adobeaemcloud.com","*.cloudfront.net","*.gigya.com","*.linkedin.com","*.pmicom.pmigcpes.com","*.stopillegal.com/","blob:","data:","https://*.google-analytics.com","https://*.googletagmanager.com","https://8476719.fls.doubleclick.net","https://beacon.krxd.net","https://cdn.cookielaw.org","https://cdn.wyng.com","https://cdns.eu1.gigya.com","https://cdns1.gigya.com","https://cdns2.gigya.com","https://dev.day.com","https://i.ytimg.com","https://i.ytimg.com","https://jslog.krxd.net","https://maps.gstatic.com/","https://marlboro-germany.videomarketingplatform.co","https://proserve-microexperiences.s3.amazonaws.com","https://s3.amazonaws.com","https://sprcdn-assets.sprinklr.com","https://www.facebook.com","https://www.google-analytics.com","https://www.google.ch","https://www.google.com","https://www.google.com.tr","https://www.google.com.ua","https://www.google.es","https://www.google.nl","https://www.google.pl","https://www.google.rs","https://www.googletagmanager.com","https://www.pmi.com"],"manifest-src":["'self'"],"media-src":["'self'","https://*.analytics.google.com","https://*.google-analytics.com","https://*.googletagmanager.com","https://cdn.wyng.com","https://delivery.twentythree.com","https://proserve-microexperiences.s3.amazonaws.com","https://sprcdn-assets.sprinklr.com","https://video.twentythree.com","https://www.googletagmanager.com","https://www.pmi.com"],"script-src":["'self'","'unsafe-eval'","'unsafe-inline'","*.adobeaemcloud.com","*.gigya.com","*.gigya.com","*.newrelic.com","*.nr-data.net","*.pmicom.pmigcpes.com","blob:","https://*.coveo.com","https://*.googletagmanager.com","https://ajax.googleapis.com","https://apis.google.com","https://cdn.cookielaw.org","https://code.jquery.com","https://dnsl4xr6unrmf.cloudfront.net","https://lb-1.eu-west-1.mulesoft-cloudhub-nonprod.pmideep.com","https://live-chat-static.sprinklr.com","https://maps.googleapis.com","https://prod-live-chat.sprinklr.com","https://prod-live-chat.sprinklr.com","https://s3.amazonaws.com","https://www.google-analytics.com","https://www.googletagmanager.com","https://www.youtube.com"],"script-src-elem":["'self'","'unsafe-inline'","*.adobeaemcloud.com","*.cloudfront.net","*.crwdcntrl.net","*.licdn.com","*.nr-data.net","*.pmicom.pmigcpes.com","*.qualtrics.com","*.treasuredata.com","https://*.coveo.com","https://*.gbqofs.com","https://*.go-mpulse.net","https://ajax.googleapis.com","https://analytics.google.com","https://apis.google.com","https://beacon.krxd.net","https://cdn.cookielaw.org","https://cdn.krxd.net","https://cdns.eu1.gigya.com","https://cdns.gigya.com","https://code.jquery.com","https://connect.facebook.net","https://consumer.krxd.net","https://js-agent.newrelic.com","https://lb-1.eu-west-1.mulesoft-cloudhub-nonprod.pmideep.com","https://live-chat-static.sprinklr.com","https://maps.googleapis.com","https://prod-live-chat.sprinklr.com","https://s3.amazonaws.com","https://spx-components.cdn.sprinklr.com","https://unpkg.com/","https://video.pmi.com","https://www.google-analytics.com","https://www.google.com","https://www.googletagmanager.com","https://www.gstatic.com","https://www.gstatic.com","https://www.youtube.com"],"style-src":["'self'","'unsafe-inline'","*.adobeaemcloud.com","*.pmicom.pmigcpes.com","https://*.coveo.com","https://cdn.cookielaw.org","https://fonts.googleapis.com","https://s3.amazonaws.com","https://use.typekit.net","https://www.googletagmanager.com","https://www.pmi.com"]},"directiveOrder":["default-src","font-src","script-src","style-src","img-src","connect-src","frame-src","script-src-elem","media-src","manifest-src","frame-ancestors"],"disposition":"enforce","delivery":"header","sourceMapping":{"'none'":"keyword-source","'self'":"keyword-source","'unsafe-eval'":"keyword-source","'unsafe-inline'":"keyword-source","*.adobeaemcloud.com":"host-source","*.cloudfront.net":"host-source","*.crwdcntrl.net":"host-source","*.doubleclick.net":"host-source","*.gigya.com":"host-source","*.google-analytics.com":"host-source","*.googleapis.com":"host-source","*.gstatic.com":"host-source","*.licdn.com":"host-source","*.linkedin.com":"host-source","*.newrelic.com":"host-source","*.nr-data.net":"host-source","*.pmicom.pmigcpes.com":"host-source","*.pmigcpes.com":"host-source","*.pmigpes.com":"host-source","*.qualtrics.com":"host-source","*.stopillegal.com/":"host-source","*.treasuredata.com":"host-source","blob:":"scheme-source","data:":"scheme-source","https://*.analytics.google.com":"host-source","https://*.coveo.com":"host-source","https://*.gbqofs.com":"host-source","https://*.gbqofs.io":"host-source","https://*.gigya.com":"host-source","https://*.go-mpulse.net":"host-source","https://*.google-analytics.com":"host-source","https://*.googletagmanager.com":"host-source","https://8476719.fls.doubleclick.net":"host-source","https://ad.doubleclick.net":"host-source","https://ajax.googleapis.com":"host-source","https://analytics.google.com":"host-source","https://api.offerpop.com":"host-source","https://api.wyng.com":"host-source","https://apis.google.com":"host-source","https://beacon.krxd.net":"host-source","https://cdn.cookielaw.org":"host-source","https://cdn.jsdelivr.net":"host-source","https://cdn.krxd.net":"host-source","https://cdn.plyr.io":"host-source","https://cdn.wyng.com":"host-source","https://cdns.eu1.gigya.com":"host-source","https://cdns.gigya.com":"host-source","https://cdns1.gigya.com":"host-source","https://cdns2.gigya.com":"host-source","https://code.jquery.com":"host-source","https://connect.facebook.net":"host-source","https://consumer.krxd.net":"host-source","https://content-api.wyng.com":"host-source","https://cookies-data.onetrust.io":"host-source","https://delivery.twentythree.com":"host-source","https://dev.day.com":"host-source","https://dnsl4xr6unrmf.cloudfront.net":"host-source","https://experiences.wyng.com":"host-source","https://fonts.googleapis.com":"host-source","https://geolocation.onetrust.com":"host-source","https://global-comms-new-workspace.twentythree.com":"host-source","https://globalcomms.23video.com":"host-source","https://i.ytimg.com":"host-source","https://js-agent.newrelic.com":"host-source","https://jslog.krxd.net":"host-source","https://language-mastercomms.23video.com":"host-source","https://lb-1.eu-west-1.mulesoft-cloudhub-nonprod.pmideep.com":"host-source","https://live-chat-static.sprinklr.com":"host-source","https://lottie.host":"host-source","https://maps.googleapis.com":"host-source","https://maps.gstatic.com/":"host-source","https://marlboro-germany.videomarketingplatform.co":"host-source","https://noembed.com/embed":"host-source","https://philipmorrisinternational.gcs-web.com":"host-source","https://pmi-prod-privacy.my.onetrust.com":"host-source","https://pmi.com":"host-source","https://prod-live-chat.sprinklr.com":"host-source","https://proserve-microexperiences.s3.amazonaws.com":"host-source","https://s3.amazonaws.com":"host-source","https://services-api.wyng.com":"host-source","https://sprcdn-assets.sprinklr.com":"host-source","https://spx-components.cdn.sprinklr.com":"host-source","https://stats.g.doubleclick.net":"host-source","https://unpkg.com":"host-source","https://unpkg.com/":"host-source","https://use.typekit.net":"host-source","https://video.pmi.com":"host-source","https://video.twentythree.com":"host-source","https://www.facebook.com":"host-source","https://www.google-analytics.com":"host-source","https://www.google.ch":"host-source","https://www.google.com":"host-source","https://www.google.com.tr":"host-source","https://www.google.com.ua":"host-source","https://www.google.es":"host-source","https://www.google.nl":"host-source","https://www.google.pl":"host-source","https://www.google.rs":"host-source","https://www.googletagmanager.com":"host-source","https://www.gstatic.com":"host-source","https://www.pmi.com":"host-source","https://www.recaptcha.net":"host-source","https://www.youtube-nocookie.com":"host-source","https://www.youtube.com":"host-source","https://wyng.io":"host-source","wss://prod-lc-mqtt-nike.sprinklr.com":"host-source"}},"disposition":"enforce","source":"header","policies":["default-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.adobeaemcloud.com *.gigya.com *.newrelic.com *.nr-data.net *.pmicom.pmigcpes.com blob: https://*.coveo.com https://*.googletagmanager.com https://ajax.googleapis.com https://apis.google.com https://cdn.cookielaw.org https://code.jquery.com https://dnsl4xr6unrmf.cloudfront.net https://lb-1.eu-west-1.mulesoft-cloudhub-nonprod.pmideep.com https://live-chat-static.sprinklr.com https://maps.googleapis.com https://prod-live-chat.sprinklr.com https://s3.amazonaws.com https://www.google-analytics.com https://www.googletagmanager.com https://www.youtube.com; script-src-elem 'self' 'unsafe-inline' *.adobeaemcloud.com *.cloudfront.net *.crwdcntrl.net *.licdn.com *.nr-data.net *.pmicom.pmigcpes.com *.qualtrics.com *.treasuredata.com https://*.coveo.com https://*.gbqofs.com https://*.go-mpulse.net https://ajax.googleapis.com https://analytics.google.com https://apis.google.com https://beacon.krxd.net https://cdn.cookielaw.org https://cdn.krxd.net https://cdns.eu1.gigya.com https://cdns.gigya.com https://code.jquery.com https://connect.facebook.net https://consumer.krxd.net https://js-agent.newrelic.com https://lb-1.eu-west-1.mulesoft-cloudhub-nonprod.pmideep.com https://live-chat-static.sprinklr.com https://maps.googleapis.com https://prod-live-chat.sprinklr.com https://s3.amazonaws.com https://spx-components.cdn.sprinklr.com https://unpkg.com/ https://video.pmi.com https://www.google-analytics.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.youtube.com; style-src 'self' 'unsafe-inline' *.adobeaemcloud.com *.pmicom.pmigcpes.com https://*.coveo.com https://cdn.cookielaw.org https://fonts.googleapis.com https://s3.amazonaws.com https://use.typekit.net https://www.googletagmanager.com https://www.pmi.com; connect-src 'self' *.crwdcntrl.net *.google-analytics.com *.linkedin.com *.nr-data.net *.pmigpes.com *.qualtrics.com *.treasuredata.com https://*.coveo.com https://*.gbqofs.io https://*.gigya.com https://*.go-mpulse.net https://ad.doubleclick.net https://ajax.googleapis.com https://analytics.google.com https://api.offerpop.com https://api.wyng.com https://beacon.krxd.net https://cdn.cookielaw.org https://cdn.jsdelivr.net https://cdn.plyr.io https://content-api.wyng.com https://cookies-data.onetrust.io https://experiences.wyng.com https://geolocation.onetrust.com https://js-agent.newrelic.com https://jslog.krxd.net https://lb-1.eu-west-1.mulesoft-cloudhub-nonprod.pmideep.com https://live-chat-static.sprinklr.com https://lottie.host https://maps.googleapis.com https://noembed.com/embed https://pmi-prod-privacy.my.onetrust.com https://prod-live-chat.sprinklr.com https://services-api.wyng.com https://stats.g.doubleclick.net https://unpkg.com https://www.google-analytics.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://wyng.io wss://prod-lc-mqtt-nike.sprinklr.com; font-src 'self' *.adobeaemcloud.com *.cloudfront.net *.googleapis.com *.gstatic.com *.newrelic.com *.nr-data.net *.pmigcpes.com data: https://use.typekit.net; frame-ancestors 'self' https://www.google.com https://www.recaptcha.net; frame-src 'self' *.crwdcntrl.net *.doubleclick.net https://*.gigya.com https://8476719.fls.doubleclick.net https://cdn.cookielaw.org https://cdn.krxd.net https://global-comms-new-workspace.twentythree.com https://globalcomms.23video.com https://language-mastercomms.23video.com https://marlboro-germany.videomarketingplatform.co https://philipmorrisinternational.gcs-web.com https://pmi.com https://video.pmi.com https://www.facebook.com https://www.google.com https://www.pmi.com https://www.youtube-nocookie.com https://www.youtube.com; img-src 'self' *.adobeaemcloud.com *.cloudfront.net *.gigya.com *.linkedin.com *.pmicom.pmigcpes.com *.stopillegal.com/ blob: data: https://*.google-analytics.com https://*.googletagmanager.com https://8476719.fls.doubleclick.net https://beacon.krxd.net https://cdn.cookielaw.org https://cdn.wyng.com https://cdns.eu1.gigya.com https://cdns1.gigya.com https://cdns2.gigya.com https://dev.day.com https://i.ytimg.com https://jslog.krxd.net https://maps.gstatic.com/ https://marlboro-germany.videomarketingplatform.co https://proserve-microexperiences.s3.amazonaws.com https://s3.amazonaws.com https://sprcdn-assets.sprinklr.com https://www.facebook.com https://www.google-analytics.com https://www.google.ch https://www.google.com https://www.google.com.tr https://www.google.com.ua https://www.google.es https://www.google.nl https://www.google.pl https://www.google.rs https://www.googletagmanager.com https://www.pmi.com; manifest-src 'self'; media-src 'self' https://*.analytics.google.com https://*.google-analytics.com https://*.googletagmanager.com https://cdn.wyng.com https://delivery.twentythree.com https://proserve-microexperiences.s3.amazonaws.com https://sprcdn-assets.sprinklr.com https://video.twentythree.com https://www.googletagmanager.com https://www.pmi.com;"],"stats":{"totalHigh":1,"totalMedium":23,"totalLow":7,"totalInfo":0},"recommendations":[{"title":"Usage of unsafe-inline on script-src","severity":"HIGH","directive":"script-src","source":"'unsafe-inline'","message":"The usage of 'unsafe-inline' negates the primary CSP protection against XSS.","recommendation":"Remove 'unsafe-inline'. This will probably require a refactoring of code.","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Missing path on source for sensitive directive","severity":"MEDIUM","directive":"script-src","source":"https://cdn.cookielaw.org","message":"For sensitive directives, it's best to explicitly define the resource (including the path). This will help minimize attacks such as JSONP, redirects and other CSP bypasses.","recommendation":"For sensitive resources, explicitly define the full paths.","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Missing path on source for sensitive directive","severity":"MEDIUM","directive":"script-src","source":"https://s3.amazonaws.com","message":"For sensitive directives, it's best to explicitly define the resource (including the path). This will help minimize attacks such as JSONP, redirects and other CSP bypasses.","recommendation":"For sensitive resources, explicitly define the full paths.","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Unsafe usage of unsafe-eval","severity":"MEDIUM","directive":"script-src","source":"'unsafe-eval'","message":"Using 'unsafe-eval' can sometimes allow arbitrary javascript execution.","recommendation":"Remove 'unsafe-eval' from the script-src. This may require some refactoring or changing of libraries.","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Missing base-uri","severity":"MEDIUM","directive":"base-uri","source":"","message":"If an attacker is able to inject into the \u003chead\u003e of the document, they can spoof a different base-uri resulting in an XSS.","recommendation":"Set base-uri to 'self' or 'none' if possible. base-uri does not fall back to default-src.","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Wildcard in origin for sensitive directive","severity":"MEDIUM","directive":"script-src","source":"*.adobeaemcloud.com","message":"It's best to minimize the locations from where sensitive content can be loaded from. A wildcard in a domain can open up the possibility of a number of tricky attacks including JSONP, redirects, insecure libs and more.","recommendation":"Restrict domains to the host if possible.","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Wildcard in origin for sensitive directive","severity":"MEDIUM","directive":"script-src","source":"*.gigya.com","message":"It's best to minimize the locations from where sensitive content can be loaded from. A wildcard in a domain can open up the possibility of a number of tricky attacks including JSONP, redirects, insecure libs and more.","recommendation":"Restrict domains to the host if possible.","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Wildcard in origin for sensitive directive","severity":"MEDIUM","directive":"script-src","source":"*.newrelic.com","message":"It's best to minimize the locations from where sensitive content can be loaded from. A wildcard in a domain can open up the possibility of a number of tricky attacks including JSONP, redirects, insecure libs and more.","recommendation":"Restrict domains to the host if possible.","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Wildcard in origin for sensitive directive","severity":"MEDIUM","directive":"script-src","source":"*.nr-data.net","message":"It's best to minimize the locations from where sensitive content can be loaded from. A wildcard in a domain can open up the possibility of a number of tricky attacks including JSONP, redirects, insecure libs and more.","recommendation":"Restrict domains to the host if possible.","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Wildcard in origin for sensitive directive","severity":"MEDIUM","directive":"script-src","source":"*.pmicom.pmigcpes.com","message":"It's best to minimize the locations from where sensitive content can be loaded from. A wildcard in a domain can open up the possibility of a number of tricky attacks including JSONP, redirects, insecure libs and more.","recommendation":"Restrict domains to the host if possible.","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Wildcard in origin for sensitive directive","severity":"MEDIUM","directive":"script-src","source":"https://*.coveo.com","message":"It's best to minimize the locations from where sensitive content can be loaded from. A wildcard in a domain can open up the possibility of a number of tricky attacks including JSONP, redirects, insecure libs and more.","recommendation":"Restrict domains to the host if possible.","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Wildcard in origin for sensitive directive","severity":"MEDIUM","directive":"script-src","source":"https://*.googletagmanager.com","message":"It's best to minimize the locations from where sensitive content can be loaded from. A wildcard in a domain can open up the possibility of a number of tricky attacks including JSONP, redirects, insecure libs and more.","recommendation":"Restrict domains to the host if possible.","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Missing path on source for sensitive directive","severity":"MEDIUM","directive":"script-src","source":"https://ajax.googleapis.com","message":"For sensitive directives, it's best to explicitly define the resource (including the path). This will help minimize attacks such as JSONP, redirects and other CSP bypasses.","recommendation":"For sensitive resources, explicitly define the full paths.","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Missing path on source for sensitive directive","severity":"MEDIUM","directive":"script-src","source":"https://apis.google.com","message":"For sensitive directives, it's best to explicitly define the resource (including the path). This will help minimize attacks such as JSONP, redirects and other CSP bypasses.","recommendation":"For sensitive resources, explicitly define the full paths.","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Missing reporting endpoint","severity":"MEDIUM","directive":"report-uri","source":"","message":"Reporting endpoints give website owners into when and where their CSP policy isn't working correctly.","recommendation":"Start using a reporting endpoint to capture and analyze your CSP violations. https://csper.io is a reporting endpoint.","docs":"https://csper.io/docs/report-uri","docsTitle":"report-uri"},{"title":"Missing path on source for sensitive directive","severity":"MEDIUM","directive":"script-src","source":"https://www.youtube.com","message":"For sensitive directives, it's best to explicitly define the resource (including the path). This will help minimize attacks such as JSONP, redirects and other CSP bypasses.","recommendation":"For sensitive resources, explicitly define the full paths.","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Missing path on source for sensitive directive","severity":"MEDIUM","directive":"script-src","source":"https://code.jquery.com","message":"For sensitive directives, it's best to explicitly define the resource (including the path). This will help minimize attacks such as JSONP, redirects and other CSP bypasses.","recommendation":"For sensitive resources, explicitly define the full paths.","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Missing path on source for sensitive directive","severity":"MEDIUM","directive":"script-src","source":"https://www.googletagmanager.com","message":"For sensitive directives, it's best to explicitly define the resource (including the path). This will help minimize attacks such as JSONP, redirects and other CSP bypasses.","recommendation":"For sensitive resources, explicitly define the full paths.","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Missing path on source for sensitive directive","severity":"MEDIUM","directive":"script-src","source":"https://live-chat-static.sprinklr.com","message":"For sensitive directives, it's best to explicitly define the resource (including the path). This will help minimize attacks such as JSONP, redirects and other CSP bypasses.","recommendation":"For sensitive resources, explicitly define the full paths.","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Missing path on source for sensitive directive","severity":"MEDIUM","directive":"script-src","source":"https://maps.googleapis.com","message":"For sensitive directives, it's best to explicitly define the resource (including the path). This will help minimize attacks such as JSONP, redirects and other CSP bypasses.","recommendation":"For sensitive resources, explicitly define the full paths.","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Missing path on source for sensitive directive","severity":"MEDIUM","directive":"script-src","source":"https://prod-live-chat.sprinklr.com","message":"For sensitive directives, it's best to explicitly define the resource (including the path). This will help minimize attacks such as JSONP, redirects and other CSP bypasses.","recommendation":"For sensitive resources, explicitly define the full paths.","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Missing path on source for sensitive directive","severity":"MEDIUM","directive":"script-src","source":"https://dnsl4xr6unrmf.cloudfront.net","message":"For sensitive directives, it's best to explicitly define the resource (including the path). This will help minimize attacks such as JSONP, redirects and other CSP bypasses.","recommendation":"For sensitive resources, explicitly define the full paths.","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Missing path on source for sensitive directive","severity":"MEDIUM","directive":"script-src","source":"https://www.google-analytics.com","message":"For sensitive directives, it's best to explicitly define the resource (including the path). This will help minimize attacks such as JSONP, redirects and other CSP bypasses.","recommendation":"For sensitive resources, explicitly define the full paths.","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Missing path on source for sensitive directive","severity":"MEDIUM","directive":"script-src","source":"https://lb-1.eu-west-1.mulesoft-cloudhub-nonprod.pmideep.com","message":"For sensitive directives, it's best to explicitly define the resource (including the path). This will help minimize attacks such as JSONP, redirects and other CSP bypasses.","recommendation":"For sensitive resources, explicitly define the full paths.","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Unsafe usage of unsafe-inline on style-src","severity":"LOW","directive":"style-src","source":"'unsafe-inline'","message":"Using 'unsafe-inline' on style-src allows injection of CSS. This potentially leaves the website open to styling attacks and complex info leaks.","recommendation":"Remove 'unsafe-inline' from the style-src. This might require some refactoring.","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Usage of unsafe-inline outside of script/style/default directive","severity":"LOW","directive":"script-src-elem","source":"'unsafe-inline'","message":"'unsafe-inline' is not valid outside of script-src/style-src/default-src","recommendation":"Delete the unsafe-inline","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Missing form-action","severity":"LOW","directive":"form-action","source":"","message":"There's no defiend form-action. Sometimes form-action abuse can be used to smuggle tokens and other sensitive information out of a page.","recommendation":"Set form-action to 'none' or 'self', or the the most restrictive possible.","docs":"https://csper.io/docs/directives","docsTitle":"directives"},{"title":"Duplicate or unnecessary source","severity":"LOW","directive":"img-src","source":"https://www.google.com.tr","message":"This source is repeated or unnecessary","recommendation":"Consider moving the extra source","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Duplicate or unnecessary source","severity":"LOW","directive":"img-src","source":"https://www.google.com.ua","message":"This source is repeated or unnecessary","recommendation":"Consider moving the extra source","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Missing 'report-sample'","severity":"LOW","directive":"script-src","source":"report-sample","message":"'report-sample' is a keyword that instructs the browser to include the first 40 characters of the violating inline resource in the report-uri violation report. This can greatly help debug which resources are causing a violation.","recommendation":"Consider adding 'report-sample' to the directive group (script-src/style-src).","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Missing 'report-sample'","severity":"LOW","directive":"style-src","source":"report-sample","message":"'report-sample' is a keyword that instructs the browser to include the first 40 characters of the violating inline resource in the report-uri violation report. This can greatly help debug which resources are causing a violation.","recommendation":"Consider adding 'report-sample' to the directive group (script-src/style-src).","docs":"https://csper.io/docs/sources","docsTitle":"sources"}]},{"id":"69d8d9b95e323d879b758070","ts":"2026-04-10T11:06:33.446Z","ProjectID":"000000000000000000000000","PolicyID":"000000000000000000000000","isURL":true,"URL":"https://pfxselect.com/","isHidden":false,"parsedPolicy":{"policy":"default-src 'self'; connect-src 'self' https://register.pfxselect.com https://hexacthost.danfoss.com/HeAuth/; script-src 'self' 'report-sample'; style-src 'self' 'unsafe-inline' 'report-sample'; img-src 'self' data:; font-src 'self'; object-src 'none'; base-uri 'self'; form-action 'self'; frame-ancestors 'none';","directives":{"base-uri":["'self'"],"connect-src":["'self'","https://hexacthost.danfoss.com/HeAuth/","https://register.pfxselect.com"],"default-src":["'self'"],"font-src":["'self'"],"form-action":["'self'"],"frame-ancestors":["'none'"],"img-src":["'self'","data:"],"object-src":["'none'"],"script-src":["'report-sample'","'self'"],"style-src":["'report-sample'","'self'","'unsafe-inline'"]},"directiveOrder":["default-src","connect-src","script-src","style-src","img-src","font-src","object-src","base-uri","form-action","frame-ancestors"],"disposition":"enforce","delivery":"header","sourceMapping":{"'none'":"keyword-source","'report-sample'":"keyword-source","'self'":"keyword-source","'unsafe-inline'":"keyword-source","data:":"scheme-source","https://hexacthost.danfoss.com/HeAuth/":"host-source","https://register.pfxselect.com":"host-source"}},"disposition":"enforce","source":"header","policies":["default-src 'self'; script-src 'report-sample' 'self'; style-src 'report-sample' 'self' 'unsafe-inline'; object-src 'none'; base-uri 'self'; connect-src 'self' https://hexacthost.danfoss.com/HeAuth/ https://register.pfxselect.com; font-src 'self'; form-action 'self'; frame-ancestors 'none'; img-src 'self' data:;"],"stats":{"totalHigh":0,"totalMedium":1,"totalLow":1,"totalInfo":0},"recommendations":[{"title":"Missing reporting endpoint","severity":"MEDIUM","directive":"report-uri","source":"","message":"Reporting endpoints give website owners into when and where their CSP policy isn't working correctly.","recommendation":"Start using a reporting endpoint to capture and analyze your CSP violations. https://csper.io is a reporting endpoint.","docs":"https://csper.io/docs/report-uri","docsTitle":"report-uri"},{"title":"Unsafe usage of unsafe-inline on style-src","severity":"LOW","directive":"style-src","source":"'unsafe-inline'","message":"Using 'unsafe-inline' on style-src allows injection of CSS. This potentially leaves the website open to styling attacks and complex info leaks.","recommendation":"Remove 'unsafe-inline' from the style-src. This might require some refactoring.","docs":"https://csper.io/docs/sources","docsTitle":"sources"}]},{"id":"69d8d53a5e323d879b75806f","ts":"2026-04-10T10:47:22.718Z","ProjectID":"000000000000000000000000","PolicyID":"000000000000000000000000","isURL":true,"URL":"https://pfxselect.com/","isHidden":false,"parsedPolicy":{"policy":"default-src 'self'; connect-src 'self' https://register.pfxselect.com https://hexacthost.danfoss.com/HeAuth/; script-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; font-src 'self'; object-src 'none'; base-uri 'self'; form-action 'self'; frame-ancestors 'none';","directives":{"base-uri":["'self'"],"connect-src":["'self'","https://hexacthost.danfoss.com/HeAuth/","https://register.pfxselect.com"],"default-src":["'self'"],"font-src":["'self'"],"form-action":["'self'"],"frame-ancestors":["'none'"],"img-src":["'self'","data:"],"object-src":["'none'"],"script-src":["'self'"],"style-src":["'self'","'unsafe-inline'"]},"directiveOrder":["default-src","connect-src","script-src","style-src","img-src","font-src","object-src","base-uri","form-action","frame-ancestors"],"disposition":"enforce","delivery":"header","sourceMapping":{"'none'":"keyword-source","'self'":"keyword-source","'unsafe-inline'":"keyword-source","data:":"scheme-source","https://hexacthost.danfoss.com/HeAuth/":"host-source","https://register.pfxselect.com":"host-source"}},"disposition":"enforce","source":"header","policies":["default-src 'self'; script-src 'self'; style-src 'self' 'unsafe-inline'; object-src 'none'; base-uri 'self'; connect-src 'self' https://hexacthost.danfoss.com/HeAuth/ https://register.pfxselect.com; font-src 'self'; form-action 'self'; frame-ancestors 'none'; img-src 'self' data:;"],"stats":{"totalHigh":0,"totalMedium":1,"totalLow":3,"totalInfo":0},"recommendations":[{"title":"Missing reporting endpoint","severity":"MEDIUM","directive":"report-uri","source":"","message":"Reporting endpoints give website owners into when and where their CSP policy isn't working correctly.","recommendation":"Start using a reporting endpoint to capture and analyze your CSP violations. https://csper.io is a reporting endpoint.","docs":"https://csper.io/docs/report-uri","docsTitle":"report-uri"},{"title":"Unsafe usage of unsafe-inline on style-src","severity":"LOW","directive":"style-src","source":"'unsafe-inline'","message":"Using 'unsafe-inline' on style-src allows injection of CSS. This potentially leaves the website open to styling attacks and complex info leaks.","recommendation":"Remove 'unsafe-inline' from the style-src. This might require some refactoring.","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Missing 'report-sample'","severity":"LOW","directive":"script-src","source":"report-sample","message":"'report-sample' is a keyword that instructs the browser to include the first 40 characters of the violating inline resource in the report-uri violation report. This can greatly help debug which resources are causing a violation.","recommendation":"Consider adding 'report-sample' to the directive group (script-src/style-src).","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Missing 'report-sample'","severity":"LOW","directive":"style-src","source":"report-sample","message":"'report-sample' is a keyword that instructs the browser to include the first 40 characters of the violating inline resource in the report-uri violation report. This can greatly help debug which resources are causing a violation.","recommendation":"Consider adding 'report-sample' to the directive group (script-src/style-src).","docs":"https://csper.io/docs/sources","docsTitle":"sources"}]},{"id":"69d8bea7bb3094b4229b637d","ts":"2026-04-10T09:11:03.508Z","ProjectID":"000000000000000000000000","PolicyID":"000000000000000000000000","isURL":true,"URL":"https://uat.developer.citi.com/","isHidden":false,"parsedPolicy":{"policy":"frame-ancestors 'self'; default-src 'self' *.citivelocity.com *.citi-tts-uat.gbqofs.io https://geolocation.onetrust.com https://nexus.ensighten.com *.qualtrics.com *.kaltura.com *.tiny.cloud *.tinymce.com *.citi.com *.alicdn.com data: blob: mediastream: filesystem: about: wss: ws:; script-src 'self' *.qualtrics.com *.kaltura.com *.tiny.cloud *.tinymce.com *.alicdn.com blob: 'unsafe-inline'; object-src 'self'; style-src 'self' https: blob: 'unsafe-inline'","directives":{"default-src":["'self'","*.alicdn.com","*.citi-tts-uat.gbqofs.io","*.citi.com","*.citivelocity.com","*.kaltura.com","*.qualtrics.com","*.tiny.cloud","*.tinymce.com","about:","blob:","data:","filesystem:","https://geolocation.onetrust.com","https://nexus.ensighten.com","mediastream:","ws:","wss:"],"frame-ancestors":["'self'"],"object-src":["'self'"],"script-src":["'self'","'unsafe-inline'","*.alicdn.com","*.kaltura.com","*.qualtrics.com","*.tiny.cloud","*.tinymce.com","blob:"],"style-src":["'self'","'unsafe-inline'","blob:","https:"]},"directiveOrder":["frame-ancestors","default-src","script-src","object-src","style-src"],"disposition":"enforce","delivery":"header","sourceMapping":{"'self'":"keyword-source","'unsafe-inline'":"keyword-source","*.alicdn.com":"host-source","*.citi-tts-uat.gbqofs.io":"host-source","*.citi.com":"host-source","*.citivelocity.com":"host-source","*.kaltura.com":"host-source","*.qualtrics.com":"host-source","*.tiny.cloud":"host-source","*.tinymce.com":"host-source","about:":"scheme-source","blob:":"scheme-source","data:":"scheme-source","filesystem:":"scheme-source","https:":"scheme-source","https://geolocation.onetrust.com":"host-source","https://nexus.ensighten.com":"host-source","mediastream:":"scheme-source","ws:":"scheme-source","wss:":"scheme-source"}},"disposition":"enforce","source":"header","policies":["default-src 'self' *.alicdn.com *.citi-tts-uat.gbqofs.io *.citi.com *.citivelocity.com *.kaltura.com *.qualtrics.com *.tiny.cloud *.tinymce.com about: blob: data: filesystem: https://geolocation.onetrust.com https://nexus.ensighten.com mediastream: ws: wss:; script-src 'self' 'unsafe-inline' *.alicdn.com *.kaltura.com *.qualtrics.com *.tiny.cloud *.tinymce.com blob:; style-src 'self' 'unsafe-inline' blob: https:; object-src 'self'; frame-ancestors 'self';"],"stats":{"totalHigh":7,"totalMedium":16,"totalLow":4,"totalInfo":0},"recommendations":[{"title":"Usage of permissive scheme-source in sensitive directive","severity":"HIGH","directive":"default-src","source":"wss:","message":"Using an unsafe scheme/source in a sensitive directive bypasses the primary benefit of CSP.","recommendation":"Remove the unsafe source/scheme","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Usage of unsafe-inline on script-src","severity":"HIGH","directive":"script-src","source":"'unsafe-inline'","message":"The usage of 'unsafe-inline' negates the primary CSP protection against XSS.","recommendation":"Remove 'unsafe-inline'. This will probably require a refactoring of code.","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Usage of permissive scheme-source in sensitive directive","severity":"HIGH","directive":"default-src","source":"about:","message":"Using an unsafe scheme/source in a sensitive directive bypasses the primary benefit of CSP.","recommendation":"Remove the unsafe source/scheme","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Usage of permissive scheme-source in sensitive directive","severity":"HIGH","directive":"default-src","source":"data:","message":"Using an unsafe scheme/source in a sensitive directive bypasses the primary benefit of CSP.","recommendation":"Remove the unsafe source/scheme","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Usage of permissive scheme-source in sensitive directive","severity":"HIGH","directive":"default-src","source":"filesystem:","message":"Using an unsafe scheme/source in a sensitive directive bypasses the primary benefit of CSP.","recommendation":"Remove the unsafe source/scheme","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Usage of permissive scheme-source in sensitive directive","severity":"HIGH","directive":"default-src","source":"mediastream:","message":"Using an unsafe scheme/source in a sensitive directive bypasses the primary benefit of CSP.","recommendation":"Remove the unsafe source/scheme","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Usage of permissive scheme-source in sensitive directive","severity":"HIGH","directive":"default-src","source":"ws:","message":"Using an unsafe scheme/source in a sensitive directive bypasses the primary benefit of CSP.","recommendation":"Remove the unsafe source/scheme","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Wildcard in origin for sensitive directive","severity":"MEDIUM","directive":"script-src","source":"*.tiny.cloud","message":"It's best to minimize the locations from where sensitive content can be loaded from. A wildcard in a domain can open up the possibility of a number of tricky attacks including JSONP, redirects, insecure libs and more.","recommendation":"Restrict domains to the host if possible.","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Wildcard in origin for sensitive directive","severity":"MEDIUM","directive":"default-src","source":"*.tiny.cloud","message":"It's best to minimize the locations from where sensitive content can be loaded from. A wildcard in a domain can open up the possibility of a number of tricky attacks including JSONP, redirects, insecure libs and more.","recommendation":"Restrict domains to the host if possible.","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Wildcard in origin for sensitive directive","severity":"MEDIUM","directive":"script-src","source":"*.alicdn.com","message":"It's best to minimize the locations from where sensitive content can be loaded from. A wildcard in a domain can open up the possibility of a number of tricky attacks including JSONP, redirects, insecure libs and more.","recommendation":"Restrict domains to the host if possible.","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Wildcard in origin for sensitive directive","severity":"MEDIUM","directive":"script-src","source":"*.kaltura.com","message":"It's best to minimize the locations from where sensitive content can be loaded from. A wildcard in a domain can open up the possibility of a number of tricky attacks including JSONP, redirects, insecure libs and more.","recommendation":"Restrict domains to the host if possible.","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Wildcard in origin for sensitive directive","severity":"MEDIUM","directive":"script-src","source":"*.qualtrics.com","message":"It's best to minimize the locations from where sensitive content can be loaded from. A wildcard in a domain can open up the possibility of a number of tricky attacks including JSONP, redirects, insecure libs and more.","recommendation":"Restrict domains to the host if possible.","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Non-encrypted loading of external assets (http: / ws:)","severity":"MEDIUM","directive":"default-src","source":"ws:","message":"Allowing content over insecure channels can allow allow snooping and tampering of data","recommendation":"Ensure that all content is loaded over secure channels. Remove http: and ws:","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Wildcard in origin for sensitive directive","severity":"MEDIUM","directive":"script-src","source":"*.tinymce.com","message":"It's best to minimize the locations from where sensitive content can be loaded from. A wildcard in a domain can open up the possibility of a number of tricky attacks including JSONP, redirects, insecure libs and more.","recommendation":"Restrict domains to the host if possible.","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Wildcard in origin for sensitive directive","severity":"MEDIUM","directive":"default-src","source":"*.alicdn.com","message":"It's best to minimize the locations from where sensitive content can be loaded from. A wildcard in a domain can open up the possibility of a number of tricky attacks including JSONP, redirects, insecure libs and more.","recommendation":"Restrict domains to the host if possible.","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Wildcard in origin for sensitive directive","severity":"MEDIUM","directive":"default-src","source":"*.citi-tts-uat.gbqofs.io","message":"It's best to minimize the locations from where sensitive content can be loaded from. A wildcard in a domain can open up the possibility of a number of tricky attacks including JSONP, redirects, insecure libs and more.","recommendation":"Restrict domains to the host if possible.","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Wildcard in origin for sensitive directive","severity":"MEDIUM","directive":"default-src","source":"*.citi.com","message":"It's best to minimize the locations from where sensitive content can be loaded from. A wildcard in a domain can open up the possibility of a number of tricky attacks including JSONP, redirects, insecure libs and more.","recommendation":"Restrict domains to the host if possible.","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Wildcard in origin for sensitive directive","severity":"MEDIUM","directive":"default-src","source":"*.citivelocity.com","message":"It's best to minimize the locations from where sensitive content can be loaded from. A wildcard in a domain can open up the possibility of a number of tricky attacks including JSONP, redirects, insecure libs and more.","recommendation":"Restrict domains to the host if possible.","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Wildcard in origin for sensitive directive","severity":"MEDIUM","directive":"default-src","source":"*.kaltura.com","message":"It's best to minimize the locations from where sensitive content can be loaded from. A wildcard in a domain can open up the possibility of a number of tricky attacks including JSONP, redirects, insecure libs and more.","recommendation":"Restrict domains to the host if possible.","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Wildcard in origin for sensitive directive","severity":"MEDIUM","directive":"default-src","source":"*.qualtrics.com","message":"It's best to minimize the locations from where sensitive content can be loaded from. A wildcard in a domain can open up the possibility of a number of tricky attacks including JSONP, redirects, insecure libs and more.","recommendation":"Restrict domains to the host if possible.","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Missing base-uri","severity":"MEDIUM","directive":"base-uri","source":"","message":"If an attacker is able to inject into the \u003chead\u003e of the document, they can spoof a different base-uri resulting in an XSS.","recommendation":"Set base-uri to 'self' or 'none' if possible. base-uri does not fall back to default-src.","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Wildcard in origin for sensitive directive","severity":"MEDIUM","directive":"default-src","source":"*.tinymce.com","message":"It's best to minimize the locations from where sensitive content can be loaded from. A wildcard in a domain can open up the possibility of a number of tricky attacks including JSONP, redirects, insecure libs and more.","recommendation":"Restrict domains to the host if possible.","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Missing reporting endpoint","severity":"MEDIUM","directive":"report-uri","source":"","message":"Reporting endpoints give website owners into when and where their CSP policy isn't working correctly.","recommendation":"Start using a reporting endpoint to capture and analyze your CSP violations. https://csper.io is a reporting endpoint.","docs":"https://csper.io/docs/report-uri","docsTitle":"report-uri"},{"title":"Missing form-action","severity":"LOW","directive":"form-action","source":"","message":"There's no defiend form-action. Sometimes form-action abuse can be used to smuggle tokens and other sensitive information out of a page.","recommendation":"Set form-action to 'none' or 'self', or the the most restrictive possible.","docs":"https://csper.io/docs/directives","docsTitle":"directives"},{"title":"Unsafe usage of unsafe-inline on style-src","severity":"LOW","directive":"style-src","source":"'unsafe-inline'","message":"Using 'unsafe-inline' on style-src allows injection of CSS. This potentially leaves the website open to styling attacks and complex info leaks.","recommendation":"Remove 'unsafe-inline' from the style-src. This might require some refactoring.","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Missing 'report-sample'","severity":"LOW","directive":"script-src","source":"report-sample","message":"'report-sample' is a keyword that instructs the browser to include the first 40 characters of the violating inline resource in the report-uri violation report. This can greatly help debug which resources are causing a violation.","recommendation":"Consider adding 'report-sample' to the directive group (script-src/style-src).","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Missing 'report-sample'","severity":"LOW","directive":"style-src","source":"report-sample","message":"'report-sample' is a keyword that instructs the browser to include the first 40 characters of the violating inline resource in the report-uri violation report. This can greatly help debug which resources are causing a violation.","recommendation":"Consider adding 'report-sample' to the directive group (script-src/style-src).","docs":"https://csper.io/docs/sources","docsTitle":"sources"}]},{"id":"69d8b04a5e323d879b758068","ts":"2026-04-10T08:09:46.898Z","ProjectID":"000000000000000000000000","PolicyID":"000000000000000000000000","isURL":true,"URL":"https://www.12cloudpayroll.com","isHidden":false,"parsedPolicy":{"policy":"frame-ancestors 'self' https://www.youtube.com http://www.google-analytics.com https://www.google-analytics.com https://www.google.com https://www.googleapis.com https://i.ytimg.com;","directives":{"frame-ancestors":["'self'","http://www.google-analytics.com","https://i.ytimg.com","https://www.google-analytics.com","https://www.google.com","https://www.googleapis.com","https://www.youtube.com"]},"directiveOrder":["frame-ancestors"],"disposition":"enforce","delivery":"header","sourceMapping":{"'self'":"keyword-source","http://www.google-analytics.com":"host-source","https://i.ytimg.com":"host-source","https://www.google-analytics.com":"host-source","https://www.google.com":"host-source","https://www.googleapis.com":"host-source","https://www.youtube.com":"host-source"}},"disposition":"enforce","source":"header","policies":["frame-ancestors 'self' http://www.google-analytics.com https://i.ytimg.com https://www.google-analytics.com https://www.google.com https://www.googleapis.com https://www.youtube.com;"],"stats":{"totalHigh":2,"totalMedium":3,"totalLow":3,"totalInfo":0},"recommendations":[{"title":"Missing object-src (no default-src)","severity":"HIGH","directive":"object-src","source":"","message":"object-src is a sensitive directive that may allow XSS (or similar) if missing.","recommendation":"Set object-src to 'none' or the bare minimum necessary.","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Missing script-src (no default src)","severity":"HIGH","directive":"script","source":"","message":"script-src is a sensitive directive that may allow XSS (or similar) if missing.","recommendation":"Set script-src to 'none' or the bare minimum necessary.","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Missing base-uri","severity":"MEDIUM","directive":"base-uri","source":"","message":"If an attacker is able to inject into the \u003chead\u003e of the document, they can spoof a different base-uri resulting in an XSS.","recommendation":"Set base-uri to 'self' or 'none' if possible. base-uri does not fall back to default-src.","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Missing reporting endpoint","severity":"MEDIUM","directive":"report-uri","source":"","message":"Reporting endpoints give website owners into when and where their CSP policy isn't working correctly.","recommendation":"Start using a reporting endpoint to capture and analyze your CSP violations. https://csper.io is a reporting endpoint.","docs":"https://csper.io/docs/report-uri","docsTitle":"report-uri"},{"title":"Non-encrypted loading of external assets (http: / ws:)","severity":"MEDIUM","directive":"frame-ancestors","source":"http://www.google-analytics.com","message":"Allowing content over insecure channels can allow allow snooping and tampering of data","recommendation":"Ensure that all content is loaded over secure channels. Remove http: and ws:","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Missing form-action","severity":"LOW","directive":"form-action","source":"","message":"There's no defiend form-action. Sometimes form-action abuse can be used to smuggle tokens and other sensitive information out of a page.","recommendation":"Set form-action to 'none' or 'self', or the the most restrictive possible.","docs":"https://csper.io/docs/directives","docsTitle":"directives"},{"title":"Missing 'report-sample'","severity":"LOW","directive":"script-src","source":"report-sample","message":"'report-sample' is a keyword that instructs the browser to include the first 40 characters of the violating inline resource in the report-uri violation report. This can greatly help debug which resources are causing a violation.","recommendation":"Consider adding 'report-sample' to the directive group (script-src/style-src).","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Missing 'report-sample'","severity":"LOW","directive":"style-src","source":"report-sample","message":"'report-sample' is a keyword that instructs the browser to include the first 40 characters of the violating inline resource in the report-uri violation report. This can greatly help debug which resources are causing a violation.","recommendation":"Consider adding 'report-sample' to the directive group (script-src/style-src).","docs":"https://csper.io/docs/sources","docsTitle":"sources"}]},{"id":"69d8abe9bb3094b4229b6372","ts":"2026-04-10T07:51:05.091Z","ProjectID":"000000000000000000000000","PolicyID":"000000000000000000000000","isURL":true,"URL":"https://tradenablextra.aig.com","isHidden":false,"parsedPolicy":{"policy":"default-src 'self'; frame-ancestors 'self'; frame-src 'self' aigtech.okta.com; img-src 'self' www.gstatic.com; script-src 'self' 'nonce-RehRrlS1KK5hhqyxFOdF2LjWYqRzpIcyL7lvtLWIUW8=' 'report-sample' https://www.google.com/recaptcha/api.js; style-src 'self' 'report-sample'; connect-src 'self' insights-collector.newrelic.com https://auth1.customerpltfm.aig.com; font-src 'self' fonts.gstatic.com at.alicdn.com; form-action 'self'; object-src 'none'; base-URI 'self'; report-uri https://aronova.report-uri.com/r/d/csp/enforce","directives":{"base-uri":["'self'"],"connect-src":["'self'","https://auth1.customerpltfm.aig.com","insights-collector.newrelic.com"],"default-src":["'self'"],"font-src":["'self'","at.alicdn.com","fonts.gstatic.com"],"form-action":["'self'"],"frame-ancestors":["'self'"],"frame-src":["'self'","aigtech.okta.com"],"img-src":["'self'","www.gstatic.com"],"object-src":["'none'"],"report-uri":["https://aronova.report-uri.com/r/d/csp/enforce"],"script-src":["'nonce-RehRrlS1KK5hhqyxFOdF2LjWYqRzpIcyL7lvtLWIUW8='","'report-sample'","'self'","https://www.google.com/recaptcha/api.js"],"style-src":["'report-sample'","'self'"]},"directiveOrder":["default-src","frame-ancestors","frame-src","img-src","script-src","style-src","connect-src","font-src","form-action","object-src","base-uri","report-uri"],"disposition":"enforce","delivery":"header","sourceMapping":{"'nonce-RehRrlS1KK5hhqyxFOdF2LjWYqRzpIcyL7lvtLWIUW8='":"nonce-source","'none'":"keyword-source","'report-sample'":"keyword-source","'self'":"keyword-source","aigtech.okta.com":"host-source","at.alicdn.com":"host-source","fonts.gstatic.com":"host-source","https://aronova.report-uri.com/r/d/csp/enforce":"host-source","https://auth1.customerpltfm.aig.com":"host-source","https://www.google.com/recaptcha/api.js":"host-source","insights-collector.newrelic.com":"host-source","www.gstatic.com":"host-source"}},"disposition":"enforce","source":"header","policies":["default-src 'self'; script-src 'nonce-RehRrlS1KK5hhqyxFOdF2LjWYqRzpIcyL7lvtLWIUW8=' 'report-sample' 'self' https://www.google.com/recaptcha/api.js; style-src 'report-sample' 'self'; object-src 'none'; base-uri 'self'; connect-src 'self' https://auth1.customerpltfm.aig.com insights-collector.newrelic.com; font-src 'self' at.alicdn.com fonts.gstatic.com; form-action 'self'; frame-ancestors 'self'; frame-src 'self' aigtech.okta.com; img-src 'self' www.gstatic.com; report-uri https://aronova.report-uri.com/r/d/csp/enforce;"],"stats":{"totalHigh":0,"totalMedium":0,"totalLow":0,"totalInfo":0},"recommendations":[]},{"id":"69d895f95e323d879b758060","ts":"2026-04-10T06:17:29.85Z","ProjectID":"000000000000000000000000","PolicyID":"000000000000000000000000","isURL":true,"URL":"https://remote.sigurd.com.tw","isHidden":false,"parsedPolicy":{"policy":"default-src 'self' ; script-src 'self' 'unsafe-inline' 'unsafe-eval' ; style-scr 'self' 'unsafe-inline' 'unsafe-eval' ; img-src 'self' data:","directives":{"default-src":["'self'"],"img-src":["'self'","data:"],"script-src":["'self'","'unsafe-eval'","'unsafe-inline'"],"style-scr":["'self'","'unsafe-inline'","'unsafe-eval'"]},"directiveOrder":["default-src","script-src","style-scr","img-src"],"disposition":"enforce","delivery":"header","sourceMapping":{"'self'":"keyword-source","'unsafe-eval'":"keyword-source","'unsafe-inline'":"keyword-source","data:":"scheme-source"}},"disposition":"enforce","source":"header","policies":["default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline'; img-src 'self' data:;"],"stats":{"totalHigh":1,"totalMedium":4,"totalLow":3,"totalInfo":0},"recommendations":[{"title":"Usage of unsafe-inline on script-src","severity":"HIGH","directive":"script-src","source":"'unsafe-inline'","message":"The usage of 'unsafe-inline' negates the primary CSP protection against XSS.","recommendation":"Remove 'unsafe-inline'. This will probably require a refactoring of code.","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Unsafe usage of unsafe-eval","severity":"MEDIUM","directive":"script-src","source":"'unsafe-eval'","message":"Using 'unsafe-eval' can sometimes allow arbitrary javascript execution.","recommendation":"Remove 'unsafe-eval' from the script-src. This may require some refactoring or changing of libraries.","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Missing object-src (with non-restrictive default-src)","severity":"MEDIUM","directive":"object-src","source":"","message":"object-src is a sensitive directive that may allow XSS (or similar) if missing.","recommendation":"Set object-src to 'none' or the bare minimum necessary.","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Missing base-uri","severity":"MEDIUM","directive":"base-uri","source":"","message":"If an attacker is able to inject into the \u003chead\u003e of the document, they can spoof a different base-uri resulting in an XSS.","recommendation":"Set base-uri to 'self' or 'none' if possible. base-uri does not fall back to default-src.","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Missing reporting endpoint","severity":"MEDIUM","directive":"report-uri","source":"","message":"Reporting endpoints give website owners into when and where their CSP policy isn't working correctly.","recommendation":"Start using a reporting endpoint to capture and analyze your CSP violations. https://csper.io is a reporting endpoint.","docs":"https://csper.io/docs/report-uri","docsTitle":"report-uri"},{"title":"Missing form-action","severity":"LOW","directive":"form-action","source":"","message":"There's no defiend form-action. Sometimes form-action abuse can be used to smuggle tokens and other sensitive information out of a page.","recommendation":"Set form-action to 'none' or 'self', or the the most restrictive possible.","docs":"https://csper.io/docs/directives","docsTitle":"directives"},{"title":"Missing 'report-sample'","severity":"LOW","directive":"script-src","source":"report-sample","message":"'report-sample' is a keyword that instructs the browser to include the first 40 characters of the violating inline resource in the report-uri violation report. This can greatly help debug which resources are causing a violation.","recommendation":"Consider adding 'report-sample' to the directive group (script-src/style-src).","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Missing 'report-sample'","severity":"LOW","directive":"style-src","source":"report-sample","message":"'report-sample' is a keyword that instructs the browser to include the first 40 characters of the violating inline resource in the report-uri violation report. This can greatly help debug which resources are causing a violation.","recommendation":"Consider adding 'report-sample' to the directive group (script-src/style-src).","docs":"https://csper.io/docs/sources","docsTitle":"sources"}]},{"id":"69d895f75e323d879b75805f","ts":"2026-04-10T06:17:27.968Z","ProjectID":"000000000000000000000000","PolicyID":"000000000000000000000000","isURL":true,"URL":"https://remote.sigurd.com.tw","isHidden":false,"parsedPolicy":{"policy":"default-src 'self' ; script-src 'self' 'unsafe-inline' 'unsafe-eval' ; style-scr 'self' 'unsafe-inline' 'unsafe-eval' ; img-src 'self' data:","directives":{"default-src":["'self'"],"img-src":["'self'","data:"],"script-src":["'self'","'unsafe-eval'","'unsafe-inline'"],"style-scr":["'self'","'unsafe-inline'","'unsafe-eval'"]},"directiveOrder":["default-src","script-src","style-scr","img-src"],"disposition":"enforce","delivery":"header","sourceMapping":{"'self'":"keyword-source","'unsafe-eval'":"keyword-source","'unsafe-inline'":"keyword-source","data:":"scheme-source"}},"disposition":"enforce","source":"header","policies":["default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline'; img-src 'self' data:;"],"stats":{"totalHigh":1,"totalMedium":4,"totalLow":3,"totalInfo":0},"recommendations":[{"title":"Usage of unsafe-inline on script-src","severity":"HIGH","directive":"script-src","source":"'unsafe-inline'","message":"The usage of 'unsafe-inline' negates the primary CSP protection against XSS.","recommendation":"Remove 'unsafe-inline'. This will probably require a refactoring of code.","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Unsafe usage of unsafe-eval","severity":"MEDIUM","directive":"script-src","source":"'unsafe-eval'","message":"Using 'unsafe-eval' can sometimes allow arbitrary javascript execution.","recommendation":"Remove 'unsafe-eval' from the script-src. This may require some refactoring or changing of libraries.","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Missing object-src (with non-restrictive default-src)","severity":"MEDIUM","directive":"object-src","source":"","message":"object-src is a sensitive directive that may allow XSS (or similar) if missing.","recommendation":"Set object-src to 'none' or the bare minimum necessary.","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Missing base-uri","severity":"MEDIUM","directive":"base-uri","source":"","message":"If an attacker is able to inject into the \u003chead\u003e of the document, they can spoof a different base-uri resulting in an XSS.","recommendation":"Set base-uri to 'self' or 'none' if possible. base-uri does not fall back to default-src.","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Missing reporting endpoint","severity":"MEDIUM","directive":"report-uri","source":"","message":"Reporting endpoints give website owners into when and where their CSP policy isn't working correctly.","recommendation":"Start using a reporting endpoint to capture and analyze your CSP violations. https://csper.io is a reporting endpoint.","docs":"https://csper.io/docs/report-uri","docsTitle":"report-uri"},{"title":"Missing form-action","severity":"LOW","directive":"form-action","source":"","message":"There's no defiend form-action. Sometimes form-action abuse can be used to smuggle tokens and other sensitive information out of a page.","recommendation":"Set form-action to 'none' or 'self', or the the most restrictive possible.","docs":"https://csper.io/docs/directives","docsTitle":"directives"},{"title":"Missing 'report-sample'","severity":"LOW","directive":"script-src","source":"report-sample","message":"'report-sample' is a keyword that instructs the browser to include the first 40 characters of the violating inline resource in the report-uri violation report. This can greatly help debug which resources are causing a violation.","recommendation":"Consider adding 'report-sample' to the directive group (script-src/style-src).","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Missing 'report-sample'","severity":"LOW","directive":"style-src","source":"report-sample","message":"'report-sample' is a keyword that instructs the browser to include the first 40 characters of the violating inline resource in the report-uri violation report. This can greatly help debug which resources are causing a violation.","recommendation":"Consider adding 'report-sample' to the directive group (script-src/style-src).","docs":"https://csper.io/docs/sources","docsTitle":"sources"}]},{"id":"69d895085e323d879b75805e","ts":"2026-04-10T06:13:28.263Z","ProjectID":"000000000000000000000000","PolicyID":"000000000000000000000000","isURL":true,"URL":"https://remote.sigurd.com.tw/logon/LogonPoint/tmindex.html","isHidden":false,"parsedPolicy":{"policy":"default-src 'self' ; script-src 'self' 'unsafe-inline' 'unsafe-eval' ; style-scr 'self' 'unsafe-inline' 'unsafe-eval' ; img-src 'self' data:","directives":{"default-src":["'self'"],"img-src":["'self'","data:"],"script-src":["'self'","'unsafe-eval'","'unsafe-inline'"],"style-scr":["'self'","'unsafe-inline'","'unsafe-eval'"]},"directiveOrder":["default-src","script-src","style-scr","img-src"],"disposition":"enforce","delivery":"header","sourceMapping":{"'self'":"keyword-source","'unsafe-eval'":"keyword-source","'unsafe-inline'":"keyword-source","data:":"scheme-source"}},"disposition":"enforce","source":"header","policies":["default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline'; img-src 'self' data:;"],"stats":{"totalHigh":1,"totalMedium":4,"totalLow":3,"totalInfo":0},"recommendations":[{"title":"Usage of unsafe-inline on script-src","severity":"HIGH","directive":"script-src","source":"'unsafe-inline'","message":"The usage of 'unsafe-inline' negates the primary CSP protection against XSS.","recommendation":"Remove 'unsafe-inline'. This will probably require a refactoring of code.","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Unsafe usage of unsafe-eval","severity":"MEDIUM","directive":"script-src","source":"'unsafe-eval'","message":"Using 'unsafe-eval' can sometimes allow arbitrary javascript execution.","recommendation":"Remove 'unsafe-eval' from the script-src. This may require some refactoring or changing of libraries.","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Missing object-src (with non-restrictive default-src)","severity":"MEDIUM","directive":"object-src","source":"","message":"object-src is a sensitive directive that may allow XSS (or similar) if missing.","recommendation":"Set object-src to 'none' or the bare minimum necessary.","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Missing base-uri","severity":"MEDIUM","directive":"base-uri","source":"","message":"If an attacker is able to inject into the \u003chead\u003e of the document, they can spoof a different base-uri resulting in an XSS.","recommendation":"Set base-uri to 'self' or 'none' if possible. base-uri does not fall back to default-src.","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Missing reporting endpoint","severity":"MEDIUM","directive":"report-uri","source":"","message":"Reporting endpoints give website owners into when and where their CSP policy isn't working correctly.","recommendation":"Start using a reporting endpoint to capture and analyze your CSP violations. https://csper.io is a reporting endpoint.","docs":"https://csper.io/docs/report-uri","docsTitle":"report-uri"},{"title":"Missing form-action","severity":"LOW","directive":"form-action","source":"","message":"There's no defiend form-action. Sometimes form-action abuse can be used to smuggle tokens and other sensitive information out of a page.","recommendation":"Set form-action to 'none' or 'self', or the the most restrictive possible.","docs":"https://csper.io/docs/directives","docsTitle":"directives"},{"title":"Missing 'report-sample'","severity":"LOW","directive":"script-src","source":"report-sample","message":"'report-sample' is a keyword that instructs the browser to include the first 40 characters of the violating inline resource in the report-uri violation report. This can greatly help debug which resources are causing a violation.","recommendation":"Consider adding 'report-sample' to the directive group (script-src/style-src).","docs":"https://csper.io/docs/sources","docsTitle":"sources"},{"title":"Missing 'report-sample'","severity":"LOW","directive":"style-src","source":"report-sample","message":"'report-sample' is a keyword that instructs the browser to include the first 40 characters of the violating inline resource in the report-uri violation report. This can greatly help debug which resources are causing a violation.","recommendation":"Consider adding 'report-sample' to the directive group (script-src/style-src).","docs":"https://csper.io/docs/sources","docsTitle":"sources"}]}]