script-src | Scripts | 'none''self''unsafe-inline''unsafe-eval''<HASH>'
| Yes | script-src stripe.com *.stripe.com ; |
connect-src | Connections | 'none''self''unsafe-inline''unsafe-eval''<HASH>'
` | Yes | connect-src 'unsafe-inline' https://www.shop.stg.bcxg.sfcc-store-internal.net ; |
default-src | Default | 'none''self''unsafe-inline''unsafe-eval''<HASH>'
| No | default-src *.js.stripe.com 'unsafe-eval' 'unsafe-inline' ; |
img-src | Images | 'none''self''unsafe-inline''unsafe-eval''<HASH>'
| No | img-src 'self' 'unsafe-inline' ; |
style-src | Styles | 'none''self''unsafe-inline''unsafe-eval''<HASH>'
| No | |
font-src | Fonts | 'none''self''unsafe-inline''unsafe-eval''<HASH>'
| No | |
object-src | Objects | 'none''self''unsafe-inline''unsafe-eval''<HASH>'
| No | |
media-src | Media | 'none''self''unsafe-inline''unsafe-eval''<HASH>'
| No | |
child-src | Child | 'none''self''unsafe-inline''unsafe-eval''<HASH>'
| No | |
form-action | Form actions | 'none''self''unsafe-inline''unsafe-eval''<HASH>'
| No | |
worker-src | Workers | 'none''self''unsafe-inline''unsafe-eval''<HASH>'
| No | |
base-uri | Base URI | 'none''self''unsafe-inline''unsafe-eval''<HASH>'
| No | |
manifest-src | Manifests | 'none''self''unsafe-inline''unsafe-eval''<HASH>'
| No | |
frame-src | Frames | 'none''self''unsafe-inline''unsafe-eval''<HASH>'
| No | |
frame-ancestors | Frame ancestors | | No | |
upgrade-insecure-requests | Upgrade insecure requests | N/A | No | |