| error | security | - URL
- https://med-fit.hu/
- Text
- Refused to apply style from 'https://med-fit.hu/media/porto/web/css/animate.optimized.css' because its MIME type ('text/html') is not a supported stylesheet MIME type, and strict MIME checking is enabled.
|
| error | security | - URL
- https://med-fit.hu/
- Text
- Refused to apply style from 'https://med-fit.hu/media/porto/web/css/header/type1.css' because its MIME type ('text/html') is not a supported stylesheet MIME type, and strict MIME checking is enabled.
|
| error | security | - URL
- https://med-fit.hu/
- Text
- Refused to apply style from 'https://med-fit.hu/media/porto/web/bootstrap/css/bootstrap.optimized.min.css' because its MIME type ('text/html') is not a supported stylesheet MIME type, and strict MIME checking is enabled.
|
| error | security | - URL
- https://med-fit.hu/
- Text
- Refused to apply style from 'https://med-fit.hu/media/porto/web/css/custom.css' because its MIME type ('text/html') is not a supported stylesheet MIME type, and strict MIME checking is enabled.
|
| error | security | - URL
- https://med-fit.hu/
- Text
- Refused to apply style from 'https://med-fit.hu/media/porto/configed_css/settings_hu.css' because its MIME type ('text/html') is not a supported stylesheet MIME type, and strict MIME checking is enabled.
|
| error | security | - URL
- https://med-fit.hu/
- Text
- Refused to apply style from 'https://med-fit.hu/media/porto/configed_css/design_hu.css' because its MIME type ('text/html') is not a supported stylesheet MIME type, and strict MIME checking is enabled.
|
| error | security | - URL
- https://med-fit.hu/
- Text
- Refused to apply style from 'https://med-fit.hu/media/porto/web/css/header/type1.css' because its MIME type ('text/html') is not a supported stylesheet MIME type, and strict MIME checking is enabled.
|
| error | security | - URL
- https://med-fit.hu/
- Text
- Refused to apply style from 'https://med-fit.hu/media/porto/web/css/custom.css' because its MIME type ('text/html') is not a supported stylesheet MIME type, and strict MIME checking is enabled.
|
| error | security | - URL
- https://med-fit.hu/
- Text
- Refused to apply style from 'https://med-fit.hu/media/porto/web/bootstrap/css/bootstrap.optimized.min.css' because its MIME type ('text/html') is not a supported stylesheet MIME type, and strict MIME checking is enabled.
|
| error | security | - URL
- https://med-fit.hu/
- Text
- Refused to apply style from 'https://med-fit.hu/media/porto/configed_css/settings_hu.css' because its MIME type ('text/html') is not a supported stylesheet MIME type, and strict MIME checking is enabled.
|
| error | security | - URL
- https://med-fit.hu/
- Text
- Refused to apply style from 'https://med-fit.hu/media/porto/web/css/animate.optimized.css' because its MIME type ('text/html') is not a supported stylesheet MIME type, and strict MIME checking is enabled.
|
| error | security | - URL
- https://med-fit.hu/
- Text
- Refused to apply style from 'https://med-fit.hu/media/porto/configed_css/design_hu.css' because its MIME type ('text/html') is not a supported stylesheet MIME type, and strict MIME checking is enabled.
|
| error | security | - URL
- https://www.googletagmanager.com/
- Text
- [Report Only] Refused to frame 'https://www.googletagmanager.com/' because it violates the following Content Security Policy directive: "frame-src 'self' fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com".
|
| error | security | - URL
- https://www.googletagmanager.com/
- Text
- [Report Only] Refused to frame 'https://www.googletagmanager.com/' because it violates the following Content Security Policy directive: "frame-src 'self' fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com".
|
| error | security | - URL
- https://www.googletagmanager.com/gtm.js?id=GTM-MNVG8Q7
- Text
- [Report Only] Refused to load the script 'https://static.hotjar.com/c/hotjar-3129066.js?sv=7' because it violates the following Content Security Policy directive: "script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.
|
| error | security | - Text
- [Report Only] Refused to load the script 'https://assets.anytrack.io/QLabt8WU7Nrr.js' because it violates the following Content Security Policy directive: "script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.
|
| error | security | - URL
- https://www.googletagmanager.com/gtm.js?id=GTM-MNVG8Q7
- Text
- [Report Only] Refused to load the script 'https://static.zdassets.com/ekr/snippet.js?key=7e650655-8d74-4658-bb40-ec93147c42ec' because it violates the following Content Security Policy directive: "script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.
|
| error | security | - URL
- https://static.zdassets.com/ekr/snippet.js?key=7e650655-8d74-4658-bb40-ec93147c42ec
- Text
- [Report Only] Refused to connect to 'https://ekr.zdassets.com/compose/7e650655-8d74-4658-bb40-ec93147c42ec' because it violates the following Content Security Policy directive: "connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com 'self' 'unsafe-inline'".
|
| error | security | - URL
- https://static.zdassets.com/ekr/snippet.js?key=7e650655-8d74-4658-bb40-ec93147c42ec
- Text
- [Report Only] Refused to connect to 'https://ekr.zdassets.com/compose/7e650655-8d74-4658-bb40-ec93147c42ec' because it violates the following Content Security Policy directive: "connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com 'self' 'unsafe-inline'".
|
| error | security | - Text
- [Report Only] Refused to load the script 'https://assets.anytrack.io/QLabt8WU7Nrr.js' because it violates the following Content Security Policy directive: "script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.
|
| error | security | - URL
- https://www.googletagmanager.com/gtag/destination?id=AW-327407344&l=dataLayer&cx=c>m=45He51l0v870972451za200
- Text
- [Report Only] Refused to connect to 'https://stats.g.doubleclick.net/g/collect?v=2&tid=G-J2FENKSYNZ&cid=1147632876.1737556758>m=45be51l0v896448241z8870972451za200&aip=1&dma=1&dma_cps=syphamo&gcd=13l3l3l2l1l1&npa=1&frm=0&tag_exp=102067555~102067808~102081485~102123607~102308675' because it violates the following Content Security Policy directive: "connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com 'self' 'unsafe-inline'".
|
| error | security | - URL
- https://www.googletagmanager.com/gtag/destination?id=AW-327407344&l=dataLayer&cx=c>m=45He51l0v870972451za200
- Text
- [Report Only] Refused to connect to 'https://stats.g.doubleclick.net/g/collect?v=2&tid=G-J2FENKSYNZ&cid=1147632876.1737556758>m=45be51l0v896448241z8870972451za200&aip=1&dma=1&dma_cps=syphamo&gcd=13l3l3l2l1l1&npa=1&frm=0&tag_exp=102067555~102067808~102081485~102123607~102308675' because it violates the following Content Security Policy directive: "connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com 'self' 'unsafe-inline'".
|
| error | security | - URL
- https://med-fit.hu/
- Text
- [Report Only] Refused to load the image 'https://www.google.es/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-J2FENKSYNZ&cid=1147632876.1737556758>m=45be51l0v896448241z8870972451za200&aip=1&dma=1&dma_cps=syphamo&gcd=13l3l3l2l1l1&npa=1&frm=0&tag_exp=102067555~102067808~102081485~102123607~102308675&tag_exp=102067555~102067808~102081485~102123607~102308675&z=2130945543' because it violates the following Content Security Policy directive: "img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.paypal.com *.typekit.net *.gstatic.com validator.swagger.io *.tile.openstreetmap.org *.googletagmanager.com *.google-analytics.com ssl.gstatic.com www.gstatic.com data: 'self' 'unsafe-inline'".
|
| error | security | - URL
- https://static.hotjar.com/c/hotjar-3129066.js?sv=7
- Text
- [Report Only] Refused to load the script 'https://script.hotjar.com/modules.1f3821f9cafd68374ab2.js' because it violates the following Content Security Policy directive: "script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.
|
| error | security | - URL
- https://static.zdassets.com/ekr/snippet.js?key=7e650655-8d74-4658-bb40-ec93147c42ec
- Text
- [Report Only] Refused to load the script 'https://static.zdassets.com/web_widget/classic/latest/web-widget-main-c88ad82.js' because it violates the following Content Security Policy directive: "script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.
|
| error | security | - URL
- https://script.hotjar.com/modules.1f3821f9cafd68374ab2.js
- Text
- [Report Only] Refused to connect to 'wss://ws.hotjar.com/api/v2/client/ws?v=7&site_id=3129066' because it violates the following Content Security Policy directive: "connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com 'self' 'unsafe-inline'".
|
| error | security | - URL
- https://script.hotjar.com/modules.1f3821f9cafd68374ab2.js
- Text
- [Report Only] Refused to load the script 'https://script.hotjar.com/survey-v2.0b1795a12a9371db684b.js' because it violates the following Content Security Policy directive: "script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.
|
| error | security | - URL
- https://script.hotjar.com/modules.1f3821f9cafd68374ab2.js
- Text
- [Report Only] Refused to connect to 'https://content.hotjar.io/?site_id=3129066&gzip=1' because it violates the following Content Security Policy directive: "connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com 'self' 'unsafe-inline'".
|
| error | security | - URL
- https://script.hotjar.com/survey-v2.0b1795a12a9371db684b.js
- Text
- [Report Only] Refused to load the font 'https://script.hotjar.com/font-hotjar_5.65042d.woff2' because it violates the following Content Security Policy directive: "font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.fontawesome.com data: 'self' 'unsafe-inline'".
|
| error | security | - URL
- https://script.hotjar.com/survey-v2.0b1795a12a9371db684b.js
- Text
- [Report Only] Refused to load the font 'https://script.hotjar.com/font-hotjar_5.0ddfe2.ttf' because it violates the following Content Security Policy directive: "font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.fontawesome.com data: 'self' 'unsafe-inline'".
|
| error | security | - URL
- https://script.hotjar.com/survey-v2.0b1795a12a9371db684b.js
- Text
- [Report Only] Refused to load the font 'https://script.hotjar.com/font-hotjar_5.17b429.woff' because it violates the following Content Security Policy directive: "font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.fontawesome.com data: 'self' 'unsafe-inline'".
|
| error | security | - URL
- https://script.hotjar.com/survey-v2.0b1795a12a9371db684b.js
- Text
- [Report Only] Refused to load the font 'https://script.hotjar.com/Roboto-Regular.422781.woff2' because it violates the following Content Security Policy directive: "font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.fontawesome.com data: 'self' 'unsafe-inline'".
|
| error | security | - URL
- https://script.hotjar.com/survey-v2.0b1795a12a9371db684b.js
- Text
- [Report Only] Refused to load the font 'https://script.hotjar.com/Roboto-Regular.376ea5.woff' because it violates the following Content Security Policy directive: "font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.fontawesome.com data: 'self' 'unsafe-inline'".
|
| error | security | - URL
- https://script.hotjar.com/survey-v2.0b1795a12a9371db684b.js
- Text
- [Report Only] Refused to load the font 'https://script.hotjar.com/Roboto-Medium.ef8bb0.woff2' because it violates the following Content Security Policy directive: "font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.fontawesome.com data: 'self' 'unsafe-inline'".
|
| error | security | - URL
- https://script.hotjar.com/survey-v2.0b1795a12a9371db684b.js
- Text
- [Report Only] Refused to load the font 'https://script.hotjar.com/Roboto-Medium.52cb73.woff' because it violates the following Content Security Policy directive: "font-src fonts.gstatic.com use.typekit.net *.typekit.net *.gstatic.com *.fontawesome.com data: 'self' 'unsafe-inline'".
|
| error | security | - URL
- https://script.hotjar.com/modules.1f3821f9cafd68374ab2.js
- Text
- [Report Only] Refused to connect to 'https://surveystats.hotjar.io/hit?id=1426882&device=desktop' because it violates the following Content Security Policy directive: "connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com 'self' 'unsafe-inline'".
|
| error | security | - URL
- https://static.zdassets.com/web_widget/classic/latest/web-widget-main-c88ad82.js
- Text
- [Report Only] Refused to load the script 'https://static.zdassets.com/web_widget/classic/latest/web-widget-locales/classic/en-us-json-c88ad82.js' because it violates the following Content Security Policy directive: "script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.
|
| error | security | - URL
- https://static.zdassets.com/web_widget/classic/latest/web-widget-main-c88ad82.js
- Text
- [Report Only] Refused to connect to 'https://med-fithelp.zendesk.com/embeddable/config' because it violates the following Content Security Policy directive: "connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com 'self' 'unsafe-inline'".
|
| error | security | - URL
- https://static.zdassets.com/web_widget/classic/latest/web-widget-main-c88ad82.js
- Text
- [Report Only] Refused to connect to 'https://med-fithelp.zendesk.com/embeddable/config' because it violates the following Content Security Policy directive: "connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com 'self' 'unsafe-inline'".
|
| warning | other | - URL
- https://med-fit.hu/
- Text
- The resource https://med-fit.hu/static/frontend/Medfit/default/hu_HU/fonts/Luma-Icons.woff2 was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.
|
| error | security | - URL
- https://static.zdassets.com/web_widget/classic/latest/web-widget-main-c88ad82.js
- Text
- [Report Only] Refused to load the script 'https://static.zdassets.com/web_widget/classic/latest/web-widget-chat-sdk-c88ad82.js' because it violates the following Content Security Policy directive: "script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.
|
| error | security | - URL
- https://static.zdassets.com/web_widget/classic/latest/web-widget-chat-sdk-c88ad82.js
- Text
- [Report Only] Refused to connect to 'wss://widget-mediator.zopim.com/s/W/ws/cF0qeklXRJ-E3jz5/c/1737556760133' because it violates the following Content Security Policy directive: "connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.adobe.io performance.typekit.net *.sentry.io *.paypal.com google.com *.google.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com 'self' 'unsafe-inline'".
|
| error | security | - URL
- https://static.zdassets.com/web_widget/classic/latest/web-widget-main-c88ad82.js
- Text
- [Report Only] Refused to load the script 'https://static.zdassets.com/web_widget/classic/latest/web-widget-chat-incoming-message-notification-c88ad82.js' because it violates the following Content Security Policy directive: "script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.typekit.net google.com *.google.com *.cdn-apple.com *.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.
|
| error | security | - URL
- about:blank
- Text
- [Report Only] Refused to load media from 'https://static.zdassets.com/web_widget/classic/latest/fda6cd35495c75f83508d9d2e77ee33d.mp3' because it violates the following Content Security Policy directive: "media-src *.adobe.com 'self' 'unsafe-inline'".
|
| error | security | - URL
- about:blank
- Text
- [Report Only] Refused to load media from 'https://static.zdassets.com/web_widget/classic/latest/fda6cd35495c75f83508d9d2e77ee33d.mp3' because it violates the following Content Security Policy directive: "media-src *.adobe.com 'self' 'unsafe-inline'".
|
| warning | other | - URL
- https://med-fit.hu/
- Text
- The resource https://med-fit.hu/static/frontend/Medfit/default/hu_HU/fonts/Luma-Icons.woff2 was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.
|