Searching for:

Content-Security-Policy

File:
/home2/amrbuild/public_html/cmk/.htaccess

Line: 81

Context:
  76 :   Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
  77 :   Header set Referrer-Policy "strict-origin-when-cross-origin"
  78 :   Header set Permissions-Policy "geolocation=(), microphone=(), camera=()"
  79 : </IfModule>
  80 : 
       # NOTE(review): the directive below sits after the </IfModule> that closes above, so it is
       # not covered by that guard (the opening <IfModule> line is outside this excerpt;
       # presumably it tests for mod_headers.c - confirm).
       # NOTE(review): the quoted value is spread over several lines and none of the visible lines
       # ends in a backslash. Apache reads one directive per line unless the line ends in "\", so
       # the lines below would be parsed as separate directives rather than as part of the
       # header value. Put the policy on one line (or end each line with "\") and verify the
       # Content-Security-Policy header that is actually served.
       # NOTE(review): script-src allows 'unsafe-inline' and 'unsafe-eval', so the policy does not
       # block injected inline script; nonces or hashes are needed for that protection.
       # The directive continues past the end of this excerpt.
  81 : Header set Content-Security-Policy "
  82 :   default-src 'self';
  83 :   script-src 'self' 'unsafe-inline' 'unsafe-eval' ajax.googleapis.com www.googletagmanager.com www.google-analytics.com cdn.jsdelivr.net cdnjs.cloudflare.com maps.googleapis.com maps.gstatic.com;
  84 :   style-src 'self' 'unsafe-inline' fonts.googleapis.com cdn.jsdelivr.net cdnjs.cloudflare.com maps.googleapis.com maps.gstatic.com;
  85 :   font-src 'self' fonts.gstatic.com cdnjs.cloudflare.com cdn.jsdelivr.net;
  86 :   img-src 'self' data: cdnjs.cloudflare.com cdn.jsdelivr.net www.google-analytics.com www.googletagmanager.com maps.gstatic.com maps.googleapis.com;
File:
/home2/amrbuild/public_html/renovista/.htaccess

Line: 81

Context:
  76 : 
  77 :     # HSTS (forces HTTPS in browsers)
  78 :     Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
  79 : 
  80 :     # Content Security Policy (SAFE DEFAULT)
           # NOTE(review): "safe" here presumably means unlikely to break pages, not restrictive.
           # script-src 'self' 'unsafe-inline' https: permits inline script and script loaded from
           # any HTTPS origin, and img-src/style-src/font-src also accept any HTTPS origin, so this
           # policy gives little protection against script injection. Tighten it to the hosts the
           # site really uses and replace 'unsafe-inline' with nonces or hashes.
           # NOTE(review): the quoted value spans several lines with no trailing backslash on the
           # visible lines. Apache reads one directive per line unless the line ends in "\", so the
           # lines below would be parsed as separate directives; verify the header actually served.
           # The directive continues past the end of this excerpt.
  81 :     Header set Content-Security-Policy "
  82 :         default-src 'self';
  83 :         img-src 'self' data: https:;
  84 :         script-src 'self' 'unsafe-inline' https:;
  85 :         style-src 'self' 'unsafe-inline' https:;
  86 :         font-src 'self' https:;
File:
/home2/amrbuild/public_html/vaastvik/.htaccess

Line: 70

Context:
  65 : </IfModule>
  66 : 
  67 : #############################################
  68 : # CONTENT SECURITY POLICY
  69 : #############################################
       # Sets a single-line CSP on responses. It restricts object-src to 'none' and base-uri to
       # 'self', and limits frames the page may embed to itself and www.google.com.
       # NOTE(review): script-src allows 'unsafe-inline' and 'unsafe-eval', so the policy does not
       # block injected inline script; the listed CDN hosts are also trusted for any script they
       # serve. Nonces or hashes would be needed to remove 'unsafe-inline'.
       # NOTE(review): there is no frame-ancestors directive, and default-src does not supply one,
       # so this policy places no limit on who may frame the site - confirm X-Frame-Options or
       # frame-ancestors is set elsewhere.
       # NOTE(review): the directive is outside the <IfModule> block that closes a few lines above.
  70 : Header set Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' ajax.googleapis.com www.googletagmanager.com www.google-analytics.com cdn.jsdelivr.net cdnjs.cloudflare.com maps.googleapis.com maps.gstatic.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com cdn.jsdelivr.net cdnjs.cloudflare.com maps.googleapis.com maps.gstatic.com; font-src 'self' fonts.gstatic.com cdnjs.cloudflare.com cdn.jsdelivr.net; img-src 'self' data: cdnjs.cloudflare.com cdn.jsdelivr.net www.google-analytics.com www.googletagmanager.com maps.gstatic.com maps.googleapis.com; connect-src 'self' www.google-analytics.com www.googletagmanager.com maps.googleapis.com maps.gstatic.com; object-src 'none'; frame-src 'self' www.google.com; base-uri 'self';"
       # Requests for the bare root URL on host vaastvikrealtors.amrbuildtech.com are answered with
       # a 301 redirect to https://vaastvikrealtors.com/ ; the condition applies only to the rule
       # that immediately follows it.
  71 : RewriteCond %{HTTP_HOST} ^vaastvikrealtors\.amrbuildtech\.com$
  72 : RewriteRule ^/?$ "https\:\/\/vaastvikrealtors\.com\/" [R=301,L]
  73 : 
File:
/home2/amrbuild/public_html/ceilfab/.htaccess

Line: 88

Context:
  83 :   Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
  84 :   Header set Referrer-Policy "strict-origin-when-cross-origin"
  85 :   Header set Permissions-Policy "geolocation=(), microphone=(), camera=()"
  86 : </IfModule>
  87 : 
       # NOTE(review): the directive below sits after the </IfModule> that closes above, so it is
       # not covered by that guard (the opening <IfModule> line is outside this excerpt;
       # presumably it tests for mod_headers.c - confirm).
       # NOTE(review): the quoted value is spread over several lines and none of the visible lines
       # ends in a backslash. Apache reads one directive per line unless the line ends in "\", so
       # the lines below would be parsed as separate directives rather than as part of the
       # header value. Put the policy on one line (or end each line with "\") and verify the
       # Content-Security-Policy header that is actually served.
       # NOTE(review): script-src allows 'unsafe-inline' and 'unsafe-eval', so the policy does not
       # block injected inline script; nonces or hashes are needed for that protection.
       # The directive continues past the end of this excerpt.
  88 : Header set Content-Security-Policy "
  89 :   default-src 'self';
  90 :   script-src 'self' 'unsafe-inline' 'unsafe-eval' ajax.googleapis.com www.googletagmanager.com www.google-analytics.com cdn.jsdelivr.net cdnjs.cloudflare.com maps.googleapis.com maps.gstatic.com;
  91 :   style-src 'self' 'unsafe-inline' fonts.googleapis.com cdn.jsdelivr.net cdnjs.cloudflare.com maps.googleapis.com maps.gstatic.com;
  92 :   font-src 'self' fonts.gstatic.com cdnjs.cloudflare.com cdn.jsdelivr.net;
  93 :   img-src 'self' data: cdnjs.cloudflare.com cdn.jsdelivr.net www.google-analytics.com www.googletagmanager.com maps.gstatic.com maps.googleapis.com;
File:
/home2/amrbuild/public_html/amitglassemporium/.htaccess

Line: 75

Context:
  70 :     Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
  71 :     Header set Referrer-Policy "strict-origin-when-cross-origin"
  72 :     Header set Permissions-Policy "geolocation=(), microphone=(), camera=()"
  73 : </IfModule>
  74 : 
       # NOTE(review): the directive below sits after the </IfModule> that closes above, so it is
       # not covered by that guard (the opening <IfModule> line is outside this excerpt;
       # presumably it tests for mod_headers.c - confirm).
       # NOTE(review): the quoted value is spread over several lines and none of the visible lines
       # ends in a backslash. Apache reads one directive per line unless the line ends in "\", so
       # the lines below would be parsed as separate directives rather than as part of the
       # header value. Put the policy on one line (or end each line with "\") and verify the
       # Content-Security-Policy header that is actually served.
       # NOTE(review): script-src allows 'unsafe-inline' and 'unsafe-eval', so the policy does not
       # block injected inline script; nonces or hashes are needed for that protection.
       # The directive continues past the end of this excerpt.
  75 : Header set Content-Security-Policy "
  76 :   default-src 'self';
  77 :   script-src 'self' 'unsafe-inline' 'unsafe-eval' ajax.googleapis.com www.googletagmanager.com www.google-analytics.com cdn.jsdelivr.net cdnjs.cloudflare.com maps.googleapis.com maps.gstatic.com;
  78 :   style-src 'self' 'unsafe-inline' fonts.googleapis.com cdn.jsdelivr.net cdnjs.cloudflare.com maps.googleapis.com maps.gstatic.com;
  79 :   font-src 'self' fonts.gstatic.com cdnjs.cloudflare.com cdn.jsdelivr.net;
  80 :   img-src 'self' data: cdnjs.cloudflare.com cdn.jsdelivr.net www.google-analytics.com www.googletagmanager.com maps.gstatic.com maps.googleapis.com;
File:
/home2/amrbuild/public_html/allweb/mcm/cm/vendor/scrivo/highlight.php/test/detect/csp/default.txt

Line: 1

Context:
   1 : Content-Security-Policy:
   2 :     default-src 'self';
   3 :     style-src 'self' css.example.com;
   4 :     img-src *.example.com;
   5 :     script-src 'unsafe-eval' 'self' js.example.com 'nonce-Nc3n83cnSAd3wc3Sasdfn939hc3'
File:
/home2/amrbuild/public_html/allweb/mcm/cm/vendor/symfony/http-kernel/EventListener/ErrorListener.php

Line: 90

Context:
  85 :     }
  86 : 
  87 :     public function removeCspHeader(ResponseEvent $event): void
  88 :     {
               // Removes the 'Content-Security-Policy' header from the response, but only when
               // this listener's debug flag is set AND the request carries a truthy
               // '_remove_csp_headers' attribute (read with a default of false). Otherwise the
               // response is left untouched.
               // NOTE(review): vendored Symfony code. Keeping the header in production depends on
               // the debug flag being off there - confirm the deployed environment setting.
  89 :         if ($this->debug && $event->getRequest()->attributes->get('_remove_csp_headers', false)) {
  90 :             $event->getResponse()->headers->remove('Content-Security-Policy');
  91 :         }
  92 :     }
  93 : 
  94 :     public function onControllerArguments(ControllerArgumentsEvent $event)
  95 :     {
File:
/home2/amrbuild/public_html/allweb/mcm/demo/vendor/scrivo/highlight.php/test/detect/csp/default.txt

Line: 1

Context:
   1 : Content-Security-Policy:
   2 :     default-src 'self';
   3 :     style-src 'self' css.example.com;
   4 :     img-src *.example.com;
   5 :     script-src 'unsafe-eval' 'self' js.example.com 'nonce-Nc3n83cnSAd3wc3Sasdfn939hc3'
File:
/home2/amrbuild/public_html/allweb/mcm/demo/vendor/symfony/http-kernel/EventListener/ErrorListener.php

Line: 90

Context:
  85 :     }
  86 : 
  87 :     public function removeCspHeader(ResponseEvent $event): void
  88 :     {
               // Removes the 'Content-Security-Policy' header from the response, but only when
               // this listener's debug flag is set AND the request carries a truthy
               // '_remove_csp_headers' attribute (read with a default of false). Otherwise the
               // response is left untouched.
               // NOTE(review): vendored Symfony code. Keeping the header in production depends on
               // the debug flag being off there - confirm the deployed environment setting.
  89 :         if ($this->debug && $event->getRequest()->attributes->get('_remove_csp_headers', false)) {
  90 :             $event->getResponse()->headers->remove('Content-Security-Policy');
  91 :         }
  92 :     }
  93 : 
  94 :     public function onControllerArguments(ControllerArgumentsEvent $event)
  95 :     {
File:
/home2/amrbuild/public_html/allweb/mmr/rainloop/rainloop/v/1.17.0/app/libraries/RainLoop/Service.php

Line: 190

Context:
 185 : 			}
 186 : 		}
 187 : 
 188 : 		if ($bIndex)
 189 : 		{
 190 : 			@\header('Content-Security-Policy:');
 191 : 			@\header_remove('Content-Security-Policy');
 192 : 
 193 : 			@header('Content-Type: text/html; charset=utf-8');
 194 : 			$this->oHttp->ServerNoCache();
 195 : 
File:
/home2/amrbuild/public_html/allweb/mmr/rainloop/rainloop/v/1.17.0/app/libraries/RainLoop/Service.php

Line: 191

Context:
 186 : 		}
 187 : 
 188 : 		if ($bIndex)
 189 : 		{
 190 : 			@\header('Content-Security-Policy:');
 191 : 			@\header_remove('Content-Security-Policy');
 192 : 
 193 : 			@header('Content-Type: text/html; charset=utf-8');
 194 : 			$this->oHttp->ServerNoCache();
 195 : 
 196 : 			if (!@\is_dir(APP_DATA_FOLDER_PATH) || !@\is_writable(APP_DATA_FOLDER_PATH))
File:
/home2/amrbuild/public_html/allweb/mmr/rainloop/rainloop/v/1.17.0/app/libraries/RainLoop/Service.php

Line: 308

Context:
 303 : 			'{{BaseAppThemeCssLink}}' => $this->oActions->ThemeLink($sTheme, $bAdmin),
 304 : 			'{{BaseAppPolyfillsScriptLink}}' => $this->staticPath('js/'.($bAppJsDebug ? '' : 'min/').'polyfills'.($bAppJsDebug ? '' : '.min').'.js'),
 305 : 			'{{BaseAppBootScriptLink}}' => $this->staticPath('js/'.($bAppJsDebug ? '' : 'min/').'boot'.($bAppJsDebug ? '' : '.min').'.js'),
 306 : 			'{{BaseViewport}}' => $bMobile ? 'width=device-width,initial-scale=1,user-scalable=no' : 'width=950,maximum-scale=2',
 307 : 			'{{BaseContentSecurityPolicy}}' => $sContentSecurityPolicy ?
 308 : 				'<meta http-equiv="Content-Security-Policy" content="'.$sContentSecurityPolicy.'" />' : '',
 309 : 			'{{BaseDir}}' => false && \in_array($sLanguage, array('ar', 'he', 'ur')) ? 'rtl' : 'ltr',
 310 : 			'{{BaseAppManifestLink}}' => $this->staticPath('manifest.json')
 311 : 		);
 312 : 
 313 : 		$aTemplateParameters['{{RainloopBootData}}'] = \json_encode(array(
File:
/home2/amrbuild/public_html/allweb/mmr/rainloop/rainloop/v/1.17.0/app/libraries/RainLoop/ServiceActions.php

Line: 509

Context:
 504 : 			{
 505 : 				$sMethodName = 'Raw'.$sAction;
 506 : 				if (\method_exists($this->oActions, $sMethodName))
 507 : 				{
 508 : 					@\header('X-Raw-Action: '.$sMethodName, true);
       					// Sends a CSP for raw-action responses that forbids all script (script-src 'none').
       					// NOTE(review): child-src lists 'none' together with two hosts. The 'none' keyword
       					// only has effect when it is the sole source in a directive; browsers ignore it
       					// here, so child-src effectively allows docs.google.com and apis.google.com.
       					// NOTE(review): the leading @ suppresses PHP warnings, so a failure to send the
       					// header (for example, output already started) is silent.
 509 : 					@\header('Content-Security-Policy: script-src \'none\'; child-src \'none\' docs.google.com apis.google.com', true);
 510 : 
 511 : 					$sRawError = '';
 512 : 					$this->oActions->SetActionParams(array(
 513 : 						'RawKey' => empty($this->aPaths[3]) ? '' : $this->aPaths[3],
 514 : 						'Params' => $this->aPaths
File:
/home2/amrbuild/public_html/allweb/mmrs/win/MMR/rainloop/rainloop/v/1.17.0/app/libraries/RainLoop/Service.php

Line: 190

Context:
 185 : 			}
 186 : 		}
 187 : 
 188 : 		if ($bIndex)
 189 : 		{
 190 : 			@\header('Content-Security-Policy:');
 191 : 			@\header_remove('Content-Security-Policy');
 192 : 
 193 : 			@header('Content-Type: text/html; charset=utf-8');
 194 : 			$this->oHttp->ServerNoCache();
 195 : 
File:
/home2/amrbuild/public_html/allweb/mmrs/win/MMR/rainloop/rainloop/v/1.17.0/app/libraries/RainLoop/Service.php

Line: 191

Context:
 186 : 		}
 187 : 
 188 : 		if ($bIndex)
 189 : 		{
 190 : 			@\header('Content-Security-Policy:');
 191 : 			@\header_remove('Content-Security-Policy');
 192 : 
 193 : 			@header('Content-Type: text/html; charset=utf-8');
 194 : 			$this->oHttp->ServerNoCache();
 195 : 
 196 : 			if (!@\is_dir(APP_DATA_FOLDER_PATH) || !@\is_writable(APP_DATA_FOLDER_PATH))
File:
/home2/amrbuild/public_html/allweb/mmrs/win/MMR/rainloop/rainloop/v/1.17.0/app/libraries/RainLoop/Service.php

Line: 308

Context:
 303 : 			'{{BaseAppThemeCssLink}}' => $this->oActions->ThemeLink($sTheme, $bAdmin),
 304 : 			'{{BaseAppPolyfillsScriptLink}}' => $this->staticPath('js/'.($bAppJsDebug ? '' : 'min/').'polyfills'.($bAppJsDebug ? '' : '.min').'.js'),
 305 : 			'{{BaseAppBootScriptLink}}' => $this->staticPath('js/'.($bAppJsDebug ? '' : 'min/').'boot'.($bAppJsDebug ? '' : '.min').'.js'),
 306 : 			'{{BaseViewport}}' => $bMobile ? 'width=device-width,initial-scale=1,user-scalable=no' : 'width=950,maximum-scale=2',
 307 : 			'{{BaseContentSecurityPolicy}}' => $sContentSecurityPolicy ?
 308 : 				'<meta http-equiv="Content-Security-Policy" content="'.$sContentSecurityPolicy.'" />' : '',
 309 : 			'{{BaseDir}}' => false && \in_array($sLanguage, array('ar', 'he', 'ur')) ? 'rtl' : 'ltr',
 310 : 			'{{BaseAppManifestLink}}' => $this->staticPath('manifest.json')
 311 : 		);
 312 : 
 313 : 		$aTemplateParameters['{{RainloopBootData}}'] = \json_encode(array(
File:
/home2/amrbuild/public_html/allweb/mmrs/win/MMR/rainloop/rainloop/v/1.17.0/app/libraries/RainLoop/ServiceActions.php

Line: 509

Context:
 504 : 			{
 505 : 				$sMethodName = 'Raw'.$sAction;
 506 : 				if (\method_exists($this->oActions, $sMethodName))
 507 : 				{
 508 : 					@\header('X-Raw-Action: '.$sMethodName, true);
       					// Sends a CSP for raw-action responses that forbids all script (script-src 'none').
       					// NOTE(review): child-src lists 'none' together with two hosts. The 'none' keyword
       					// only has effect when it is the sole source in a directive; browsers ignore it
       					// here, so child-src effectively allows docs.google.com and apis.google.com.
       					// NOTE(review): the leading @ suppresses PHP warnings, so a failure to send the
       					// header (for example, output already started) is silent.
 509 : 					@\header('Content-Security-Policy: script-src \'none\'; child-src \'none\' docs.google.com apis.google.com', true);
 510 : 
 511 : 					$sRawError = '';
 512 : 					$this->oActions->SetActionParams(array(
 513 : 						'RawKey' => empty($this->aPaths[3]) ? '' : $this->aPaths[3],
 514 : 						'Params' => $this->aPaths
File:
/home2/amrbuild/public_html/bak_files/.htaccess

Line: 123

Context:
 118 :     Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
 119 :     Header set Referrer-Policy "strict-origin-when-cross-origin"
 120 :     Header set Permissions-Policy "geolocation=(), microphone=(), camera=()"
 121 : </IfModule>
 122 : 
       # NOTE(review): the directive below sits after the </IfModule> that closes above, so it is
       # not covered by that guard (the opening <IfModule> line is outside this excerpt;
       # presumably it tests for mod_headers.c - confirm).
       # NOTE(review): the quoted value is spread over several lines and none of the visible lines
       # ends in a backslash. Apache reads one directive per line unless the line ends in "\", so
       # the lines below would be parsed as separate directives rather than as part of the
       # header value. Put the policy on one line (or end each line with "\") and verify the
       # Content-Security-Policy header that is actually served.
       # NOTE(review): script-src allows 'unsafe-inline' and 'unsafe-eval', so the policy does not
       # block injected inline script; nonces or hashes are needed for that protection.
       # The directive continues past the end of this excerpt.
 123 : Header set Content-Security-Policy "
 124 :   default-src 'self';
 125 :   script-src 'self' 'unsafe-inline' 'unsafe-eval' ajax.googleapis.com www.googletagmanager.com www.google-analytics.com cdn.jsdelivr.net cdnjs.cloudflare.com maps.googleapis.com maps.gstatic.com;
 126 :   style-src 'self' 'unsafe-inline' fonts.googleapis.com cdn.jsdelivr.net cdnjs.cloudflare.com maps.googleapis.com maps.gstatic.com;
 127 :   font-src 'self' fonts.gstatic.com cdnjs.cloudflare.com cdn.jsdelivr.net;
 128 :   img-src 'self' data: cdnjs.cloudflare.com cdn.jsdelivr.net www.google-analytics.com www.googletagmanager.com maps.gstatic.com maps.googleapis.com;
File:
/home2/amrbuild/public_html/includes/bootstrap-agent.php

Line: 4

Context:
   1 : <?php
   2 : ob_start();
   3 : 
       // Sends a CSP for every request that runs this file. The policy sets object-src 'none',
       // base-uri 'self' and frame-ancestors 'none'.
       // NOTE(review): script-src allows 'unsafe-inline' and 'unsafe-eval' plus a long list of
       // third-party hosts, so the policy does not block injected inline script and trusts any
       // script those hosts serve. Nonces or hashes would be needed to drop 'unsafe-inline'.
       // NOTE(review): index.php and services.php send their own, different policy strings with
       // header(). If those pages also load this file, the later header() call replaces the
       // earlier one - confirm which policy is actually served.
   4 : header("Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' ajax.googleapis.com www.googletagmanager.com www.google-analytics.com cdn.jsdelivr.net cdnjs.cloudflare.com maps.googleapis.com maps.gstatic.com code.jquery.com unpkg.com static.cloudflareinsights.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com cdn.jsdelivr.net cdnjs.cloudflare.com maps.googleapis.com maps.gstatic.com; font-src 'self' fonts.gstatic.com cdnjs.cloudflare.com cdn.jsdelivr.net; img-src 'self' data: cdnjs.cloudflare.com cdn.jsdelivr.net www.google-analytics.com www.googletagmanager.com maps.gstatic.com maps.googleapis.com; connect-src 'self' www.google-analytics.com www.googletagmanager.com maps.googleapis.com maps.gstatic.com cdn.jsdelivr.net; object-src 'none'; frame-src 'self' www.google.com google.com; frame-ancestors 'none'; base-uri 'self';");
   5 : 
       // Adds an api-catalog Link header for the home page only. The second argument false
       // appends the header instead of replacing an existing Link header.
       // NOTE(review): REQUEST_URI includes the query string, so "/?x=1" matches neither
       // comparison and gets no Link header.
   6 : if ($_SERVER['REQUEST_URI'] === '/' || $_SERVER['REQUEST_URI'] === '/index.php') {
   7 :     header('Link: </.well-known/api-catalog>; rel="api-catalog"', false);
   8 : }
File:
/home2/amrbuild/public_html/index.php

Line: 8

Context:
   3 : $meta_description = "Need a trusted construction company in Bhopal? AMR BuildTech delivers residential and commercial projects with transparent pricing, quality execution, and timely delivery";
   4 : $canonical_link = "https://www.amrbuildtech.com/";
   5 : $lcp_image_url = '/dummies/banner1-720.webp';
   6 : // --- Security Headers ---
       // Sends the page's security headers with header(); they only take effect if no output has
       // been sent before these calls.
       // NOTE(review): X-Frame-Options says SAMEORIGIN but the CSP says frame-ancestors 'none'.
       // Browsers that support frame-ancestors follow it, so same-origin framing is blocked too;
       // make the two headers agree.
       // NOTE(review): script-src allows 'unsafe-inline' and 'unsafe-eval', so the policy does not
       // block injected inline script. img-src https: accepts images from any HTTPS host.
       // NOTE(review): the same policy string is repeated in services.php; keeping it in one
       // shared include avoids the copies drifting apart.
       // NOTE(review): HSTS with includeSubDomains and preload commits every subdomain of this
       // host to HTTPS - confirm all of them serve it.
   7 : header("X-Frame-Options: SAMEORIGIN");
   8 : header("Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' ajax.googleapis.com cdn.jsdelivr.net cdnjs.cloudflare.com www.googletagmanager.com www.google-analytics.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com cdn.jsdelivr.net cdnjs.cloudflare.com; font-src 'self' fonts.gstatic.com cdn.jsdelivr.net; connect-src 'self' www.google-analytics.com; img-src 'self' data: https:; object-src 'none'; base-uri 'self'; frame-src 'none'; frame-ancestors 'none';");
   9 : header("X-Content-Type-Options: nosniff");
  10 : header("Strict-Transport-Security: max-age=31536000; includeSubDomains; preload");
  11 : header("Referrer-Policy: strict-origin-when-cross-origin");
  12 : header("Permissions-Policy: geolocation=(), microphone=(), camera=()");
  13 : ?>
File:
/home2/amrbuild/public_html/1.php

Line: 10

Context:
   5 : $root = __DIR__;
   6 : 
   7 : // ======================================
   8 : // SEARCH STRING
   9 : // ======================================
       // Literal text the script looks for in each file under $root (the script's own directory).
       // NOTE(review): this script lives in the web root and echoes an HTML page. If it can be
       // requested without authentication, its report discloses absolute server paths and source
       // excerpts; restrict access to it or remove it once the audit is done.
  10 : $search = 'Content-Security-Policy';
  11 : 
  12 : // File extensions to search
  13 : $extensions = ['php', 'html', 'htm', 'css', 'js', 'xml', 'txt'];
  14 : 
  15 : echo "<!DOCTYPE html>";
File:
/home2/amrbuild/public_html/services.php

Line: 10

Context:
   5 : $og_image = "https://www.amrbuildtech.com/dummies/property_031.jpg";
   6 : $lcp_image_url = '/dummies/property_031.jpg';
   7 : 
   8 : // --- Security Headers (matches index.php) ---
       // Sends the page's security headers with header(); they only take effect if no output has
       // been sent before these calls.
       // NOTE(review): X-Frame-Options says SAMEORIGIN but the CSP says frame-ancestors 'none'.
       // Browsers that support frame-ancestors follow it, so same-origin framing is blocked too;
       // make the two headers agree.
       // NOTE(review): script-src allows 'unsafe-inline' and 'unsafe-eval', so the policy does not
       // block injected inline script. img-src https: accepts images from any HTTPS host.
       // NOTE(review): this is a hand-kept copy of the index.php policy; a single shared include
       // would keep the two from drifting apart.
   9 : header("X-Frame-Options: SAMEORIGIN");
  10 : header("Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' ajax.googleapis.com cdn.jsdelivr.net cdnjs.cloudflare.com www.googletagmanager.com www.google-analytics.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com cdn.jsdelivr.net cdnjs.cloudflare.com; font-src 'self' fonts.gstatic.com cdn.jsdelivr.net; connect-src 'self' www.google-analytics.com; img-src 'self' data: https:; object-src 'none'; base-uri 'self'; frame-src 'none'; frame-ancestors 'none';");
  11 : header("X-Content-Type-Options: nosniff");
  12 : header("Strict-Transport-Security: max-age=31536000; includeSubDomains; preload");
  13 : header("Referrer-Policy: strict-origin-when-cross-origin");
  14 : header("Permissions-Policy: geolocation=(), microphone=(), camera=()");
  15 : ?>

Search Complete

Total Files Matched: 18
Total Matches: 22