Values for x-permitted-cross-domain-policies:
none 43,108
master-only 3,169
none; 115
all 93
value 15
by-content-type 9
: none 8
'none' 7
self 6
'master-only'; 5
“none” 5
"none" 4
master-only; 3
origin-when-cross-origin 3
"master-only" 3
* 2
2
always 2
require-corp 2
‘none’ 2
master-only, master-only 2
"master-only"; 2
same-origin 2
https://js.hs-scripts.com/43541275.js 1
ALLOW-FROM https://www.linkedin.com 1
script-src 'self' 1
max-age=63072000; 1
none, none 1
X-Permitted-Cross-Domain-Policies 1
'master-only' | 'none' 1
frame-ancestors 'self';block-all-mixed-content;script-src 'self' 'report-sample' 'unsafe-inline' 'unsafe-eval' https://*.googletagservices.com https://*.googlesyndication.com https://*.googleadservices.com https://*.doubleclick.net https://*.in5.nopaperforms.com https://*.google.com https://ajax.googleapis.com https://cdnjs.cloudflare.com https://cdn.jsdelivr.net https://connect.facebook.net https://googleads.g.doubleclick.net https://googletagmanager.com https://graph.facebook.com https://js.facebook.com https://owlcarousel2.github.io https://script.hotjar.com https://static.hotjar.com https://track.nopaperforms.com https://tagmanager.google.com https://www.googletagmanager.com;style-src 'self' 'report-sample' 'unsafe-inline' *.google.com ajax.googleapis.com cdnjs.cloudflare.com cdn.jsdelivr.net fonts.googleapis.com owlcarousel2.github.io www.googletagmanager.com;object-src *.googlesyndication.com;child-src 'self' blob: *.facebook.com *.google.com *.doubleclick.net *.googlesyndication.com connect.facebook.net www.googletagmanager.com;base-uri 'self';form-action 'self' *.facebook.com *.google.com connect.facebook.net;worker-src 'self' blob: www.google.com; 1
: master-only 1
upgrade-insecure-requests;         worker-src 'self' blob:;         style-src 'self' 'unsafe-inline' *.pricespider.com *.mapbox.com *.lytics.io js.jebbit.com blob:;         media-src 'self' videos.ctfassets.net *.iesnare.com data:;         manifest-src 'self' login.windows.net;         script-src 'self' 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com www.google-analytics.com cdn.cookielaw.org script.crazyegg.com js.jebbit.com js.adsrvr.org connect.facebook.net z.moatads.com cdn.segment.com pghub.io www.youtube.com *.lytics.io *.bazaarvoice.com *.pricespider.com cdnjs.cloudflare.com *.mapbox.com *.iesnare.com;         font-src 'self' data: ;         frame-ancestors 'none';         frame-src  'self' insight.adsrvr.org *.doubleclick.net feed.pghub.io www.facebook.com consumersupport.pg.com pgnagain.jebbit.com jebbit.ilovegain.com www.youtube.com pg-lex.my.salesforce-sites.com;         img-src 'self' data: images.ctfassets.net www.google-analytics.com www.googletagmanager.com pixel.tapad.com *.doubleclick.net www.facebook.com *.lytics.io *.akamaihd.net *.moatads.com *.pricespider.com *.bazaarvoice.com i.ytimg.com cdn.cookielaw.org;          connect-src 'self' *.google-analytics.com *.cookielaw.org *.jebbit.com *.doubleclick.net *.crazyegg.com *.adsrvr.org *.segment.com *.segment.io *.bazaarvoice.com *.pricespider.com *.mapbox.com geolocation-db.com *.algolia.net *.algolianet.com wss:;          base-uri 'none';         default-src 'none'; 1
DENY 1
2 1