Values for x-permitted-cross-domain-policies: none 43,108 master-only 3,169 none; 115 all 93 value 15 by-content-type 9 : none 8 'none' 7 self 6 'master-only'; 5 “none” 5 "none" 4 master-only; 3 origin-when-cross-origin 3 "master-only" 3 * 2 2 always 2 require-corp 2 ‘none’ 2 master-only, master-only 2 "master-only"; 2 same-origin 2 https://js.hs-scripts.com/43541275.js 1 ALLOW-FROM https://www.linkedin.com 1 script-src 'self' 1 max-age=63072000; 1 none, none 1 X-Permitted-Cross-Domain-Policies 1 'master-only' | 'none' 1 frame-ancestors 'self';block-all-mixed-content;script-src 'self' 'report-sample' 'unsafe-inline' 'unsafe-eval' https://*.googletagservices.com https://*.googlesyndication.com https://*.googleadservices.com https://*.doubleclick.net https://*.in5.nopaperforms.com https://*.google.com https://ajax.googleapis.com https://cdnjs.cloudflare.com https://cdn.jsdelivr.net https://connect.facebook.net https://googleads.g.doubleclick.net https://googletagmanager.com https://graph.facebook.com https://js.facebook.com https://owlcarousel2.github.io https://script.hotjar.com https://static.hotjar.com https://track.nopaperforms.com https://tagmanager.google.com https://www.googletagmanager.com;style-src 'self' 'report-sample' 'unsafe-inline' *.google.com ajax.googleapis.com cdnjs.cloudflare.com cdn.jsdelivr.net fonts.googleapis.com owlcarousel2.github.io www.googletagmanager.com;object-src *.googlesyndication.com;child-src 'self' blob: *.facebook.com *.google.com *.doubleclick.net *.googlesyndication.com connect.facebook.net www.googletagmanager.com;base-uri 'self';form-action 'self' *.facebook.com *.google.com connect.facebook.net;worker-src 'self' blob: www.google.com; 1 : master-only 1 upgrade-insecure-requests; worker-src 'self' blob:; style-src 'self' 'unsafe-inline' *.pricespider.com *.mapbox.com *.lytics.io js.jebbit.com blob:; media-src 'self' videos.ctfassets.net *.iesnare.com data:; manifest-src 'self' login.windows.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com www.google-analytics.com cdn.cookielaw.org script.crazyegg.com js.jebbit.com js.adsrvr.org connect.facebook.net z.moatads.com cdn.segment.com pghub.io www.youtube.com *.lytics.io *.bazaarvoice.com *.pricespider.com cdnjs.cloudflare.com *.mapbox.com *.iesnare.com; font-src 'self' data: ; frame-ancestors 'none'; frame-src 'self' insight.adsrvr.org *.doubleclick.net feed.pghub.io www.facebook.com consumersupport.pg.com pgnagain.jebbit.com jebbit.ilovegain.com www.youtube.com pg-lex.my.salesforce-sites.com; img-src 'self' data: images.ctfassets.net www.google-analytics.com www.googletagmanager.com pixel.tapad.com *.doubleclick.net www.facebook.com *.lytics.io *.akamaihd.net *.moatads.com *.pricespider.com *.bazaarvoice.com i.ytimg.com cdn.cookielaw.org; connect-src 'self' *.google-analytics.com *.cookielaw.org *.jebbit.com *.doubleclick.net *.crazyegg.com *.adsrvr.org *.segment.com *.segment.io *.bazaarvoice.com *.pricespider.com *.mapbox.com geolocation-db.com *.algolia.net *.algolianet.com wss:; base-uri 'none'; default-src 'none'; 1 DENY 1 2 1