Searching for:
Content-Security-Policy
File:
/home2/amrbuild/public_html/cmk/.htaccess
Line: 81
Context: 76 : Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
77 : Header set Referrer-Policy "strict-origin-when-cross-origin"
78 : Header set Permissions-Policy "geolocation=(), microphone=(), camera=()"
79 : </IfModule>
80 :
81 : Header set Content-Security-Policy "
82 : default-src 'self';
83 : script-src 'self' 'unsafe-inline' 'unsafe-eval' ajax.googleapis.com www.googletagmanager.com www.google-analytics.com cdn.jsdelivr.net cdnjs.cloudflare.com maps.googleapis.com maps.gstatic.com;
84 : style-src 'self' 'unsafe-inline' fonts.googleapis.com cdn.jsdelivr.net cdnjs.cloudflare.com maps.googleapis.com maps.gstatic.com;
85 : font-src 'self' fonts.gstatic.com cdnjs.cloudflare.com cdn.jsdelivr.net;
86 : img-src 'self' data: cdnjs.cloudflare.com cdn.jsdelivr.net www.google-analytics.com www.googletagmanager.com maps.gstatic.com maps.googleapis.com;
File:
/home2/amrbuild/public_html/renovista/.htaccess
Line: 81
Context: 76 :
77 : # HSTS (forces HTTPS in browsers)
78 : Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
79 :
80 : # Content Security Policy (SAFE DEFAULT)
81 : Header set Content-Security-Policy "
82 : default-src 'self';
83 : img-src 'self' data: https:;
84 : script-src 'self' 'unsafe-inline' https:;
85 : style-src 'self' 'unsafe-inline' https:;
86 : font-src 'self' https:;
File:
/home2/amrbuild/public_html/vaastvik/.htaccess
Line: 70
Context: 65 : </IfModule>
66 :
67 : #############################################
68 : # CONTENT SECURITY POLICY
69 : #############################################
70 : Header set Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' ajax.googleapis.com www.googletagmanager.com www.google-analytics.com cdn.jsdelivr.net cdnjs.cloudflare.com maps.googleapis.com maps.gstatic.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com cdn.jsdelivr.net cdnjs.cloudflare.com maps.googleapis.com maps.gstatic.com; font-src 'self' fonts.gstatic.com cdnjs.cloudflare.com cdn.jsdelivr.net; img-src 'self' data: cdnjs.cloudflare.com cdn.jsdelivr.net www.google-analytics.com www.googletagmanager.com maps.gstatic.com maps.googleapis.com; connect-src 'self' www.google-analytics.com www.googletagmanager.com maps.googleapis.com maps.gstatic.com; object-src 'none'; frame-src 'self' www.google.com; base-uri 'self';"
71 : RewriteCond %{HTTP_HOST} ^vaastvikrealtors\.amrbuildtech\.com$
72 : RewriteRule ^/?$ "https\:\/\/vaastvikrealtors\.com\/" [R=301,L]
73 :
File:
/home2/amrbuild/public_html/ceilfab/.htaccess
Line: 88
Context: 83 : Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
84 : Header set Referrer-Policy "strict-origin-when-cross-origin"
85 : Header set Permissions-Policy "geolocation=(), microphone=(), camera=()"
86 : </IfModule>
87 :
88 : Header set Content-Security-Policy "
89 : default-src 'self';
90 : script-src 'self' 'unsafe-inline' 'unsafe-eval' ajax.googleapis.com www.googletagmanager.com www.google-analytics.com cdn.jsdelivr.net cdnjs.cloudflare.com maps.googleapis.com maps.gstatic.com;
91 : style-src 'self' 'unsafe-inline' fonts.googleapis.com cdn.jsdelivr.net cdnjs.cloudflare.com maps.googleapis.com maps.gstatic.com;
92 : font-src 'self' fonts.gstatic.com cdnjs.cloudflare.com cdn.jsdelivr.net;
93 : img-src 'self' data: cdnjs.cloudflare.com cdn.jsdelivr.net www.google-analytics.com www.googletagmanager.com maps.gstatic.com maps.googleapis.com;
File:
/home2/amrbuild/public_html/amitglassemporium/.htaccess
Line: 75
Context: 70 : Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
71 : Header set Referrer-Policy "strict-origin-when-cross-origin"
72 : Header set Permissions-Policy "geolocation=(), microphone=(), camera=()"
73 : </IfModule>
74 :
75 : Header set Content-Security-Policy "
76 : default-src 'self';
77 : script-src 'self' 'unsafe-inline' 'unsafe-eval' ajax.googleapis.com www.googletagmanager.com www.google-analytics.com cdn.jsdelivr.net cdnjs.cloudflare.com maps.googleapis.com maps.gstatic.com;
78 : style-src 'self' 'unsafe-inline' fonts.googleapis.com cdn.jsdelivr.net cdnjs.cloudflare.com maps.googleapis.com maps.gstatic.com;
79 : font-src 'self' fonts.gstatic.com cdnjs.cloudflare.com cdn.jsdelivr.net;
80 : img-src 'self' data: cdnjs.cloudflare.com cdn.jsdelivr.net www.google-analytics.com www.googletagmanager.com maps.gstatic.com maps.googleapis.com;
File:
/home2/amrbuild/public_html/allweb/mcm/cm/vendor/scrivo/highlight.php/test/detect/csp/default.txt
Line: 1
Context: 1 : Content-Security-Policy:
2 : default-src 'self';
3 : style-src 'self' css.example.com;
4 : img-src *.example.com;
5 : script-src 'unsafe-eval' 'self' js.example.com 'nonce-Nc3n83cnSAd3wc3Sasdfn939hc3'
File:
/home2/amrbuild/public_html/allweb/mcm/cm/vendor/symfony/http-kernel/EventListener/ErrorListener.php
Line: 90
Context: 85 : }
86 :
87 : public function removeCspHeader(ResponseEvent $event): void
88 : {
89 : if ($this->debug && $event->getRequest()->attributes->get('_remove_csp_headers', false)) {
90 : $event->getResponse()->headers->remove('Content-Security-Policy');
91 : }
92 : }
93 :
94 : public function onControllerArguments(ControllerArgumentsEvent $event)
95 : {
File:
/home2/amrbuild/public_html/allweb/mcm/demo/vendor/scrivo/highlight.php/test/detect/csp/default.txt
Line: 1
Context: 1 : Content-Security-Policy:
2 : default-src 'self';
3 : style-src 'self' css.example.com;
4 : img-src *.example.com;
5 : script-src 'unsafe-eval' 'self' js.example.com 'nonce-Nc3n83cnSAd3wc3Sasdfn939hc3'
File:
/home2/amrbuild/public_html/allweb/mcm/demo/vendor/symfony/http-kernel/EventListener/ErrorListener.php
Line: 90
Context: 85 : }
86 :
87 : public function removeCspHeader(ResponseEvent $event): void
88 : {
89 : if ($this->debug && $event->getRequest()->attributes->get('_remove_csp_headers', false)) {
90 : $event->getResponse()->headers->remove('Content-Security-Policy');
91 : }
92 : }
93 :
94 : public function onControllerArguments(ControllerArgumentsEvent $event)
95 : {
File:
/home2/amrbuild/public_html/allweb/mmr/rainloop/rainloop/v/1.17.0/app/libraries/RainLoop/Service.php
Line: 190
Context: 185 : }
186 : }
187 :
188 : if ($bIndex)
189 : {
190 : @\header('Content-Security-Policy:');
191 : @\header_remove('Content-Security-Policy');
192 :
193 : @header('Content-Type: text/html; charset=utf-8');
194 : $this->oHttp->ServerNoCache();
195 :
File:
/home2/amrbuild/public_html/allweb/mmr/rainloop/rainloop/v/1.17.0/app/libraries/RainLoop/Service.php
Line: 191
Context: 186 : }
187 :
188 : if ($bIndex)
189 : {
190 : @\header('Content-Security-Policy:');
191 : @\header_remove('Content-Security-Policy');
192 :
193 : @header('Content-Type: text/html; charset=utf-8');
194 : $this->oHttp->ServerNoCache();
195 :
196 : if (!@\is_dir(APP_DATA_FOLDER_PATH) || !@\is_writable(APP_DATA_FOLDER_PATH))
File:
/home2/amrbuild/public_html/allweb/mmr/rainloop/rainloop/v/1.17.0/app/libraries/RainLoop/Service.php
Line: 308
Context: 303 : '{{BaseAppThemeCssLink}}' => $this->oActions->ThemeLink($sTheme, $bAdmin),
304 : '{{BaseAppPolyfillsScriptLink}}' => $this->staticPath('js/'.($bAppJsDebug ? '' : 'min/').'polyfills'.($bAppJsDebug ? '' : '.min').'.js'),
305 : '{{BaseAppBootScriptLink}}' => $this->staticPath('js/'.($bAppJsDebug ? '' : 'min/').'boot'.($bAppJsDebug ? '' : '.min').'.js'),
306 : '{{BaseViewport}}' => $bMobile ? 'width=device-width,initial-scale=1,user-scalable=no' : 'width=950,maximum-scale=2',
307 : '{{BaseContentSecurityPolicy}}' => $sContentSecurityPolicy ?
308 : '<meta http-equiv="Content-Security-Policy" content="'.$sContentSecurityPolicy.'" />' : '',
309 : '{{BaseDir}}' => false && \in_array($sLanguage, array('ar', 'he', 'ur')) ? 'rtl' : 'ltr',
310 : '{{BaseAppManifestLink}}' => $this->staticPath('manifest.json')
311 : );
312 :
313 : $aTemplateParameters['{{RainloopBootData}}'] = \json_encode(array(
File:
/home2/amrbuild/public_html/allweb/mmr/rainloop/rainloop/v/1.17.0/app/libraries/RainLoop/ServiceActions.php
Line: 509
Context: 504 : {
505 : $sMethodName = 'Raw'.$sAction;
506 : if (\method_exists($this->oActions, $sMethodName))
507 : {
508 : @\header('X-Raw-Action: '.$sMethodName, true);
509 : @\header('Content-Security-Policy: script-src \'none\'; child-src \'none\' docs.google.com apis.google.com', true);
510 :
511 : $sRawError = '';
512 : $this->oActions->SetActionParams(array(
513 : 'RawKey' => empty($this->aPaths[3]) ? '' : $this->aPaths[3],
514 : 'Params' => $this->aPaths
File:
/home2/amrbuild/public_html/allweb/mmrs/win/MMR/rainloop/rainloop/v/1.17.0/app/libraries/RainLoop/Service.php
Line: 190
Context: 185 : }
186 : }
187 :
188 : if ($bIndex)
189 : {
190 : @\header('Content-Security-Policy:');
191 : @\header_remove('Content-Security-Policy');
192 :
193 : @header('Content-Type: text/html; charset=utf-8');
194 : $this->oHttp->ServerNoCache();
195 :
File:
/home2/amrbuild/public_html/allweb/mmrs/win/MMR/rainloop/rainloop/v/1.17.0/app/libraries/RainLoop/Service.php
Line: 191
Context: 186 : }
187 :
188 : if ($bIndex)
189 : {
190 : @\header('Content-Security-Policy:');
191 : @\header_remove('Content-Security-Policy');
192 :
193 : @header('Content-Type: text/html; charset=utf-8');
194 : $this->oHttp->ServerNoCache();
195 :
196 : if (!@\is_dir(APP_DATA_FOLDER_PATH) || !@\is_writable(APP_DATA_FOLDER_PATH))
File:
/home2/amrbuild/public_html/allweb/mmrs/win/MMR/rainloop/rainloop/v/1.17.0/app/libraries/RainLoop/Service.php
Line: 308
Context: 303 : '{{BaseAppThemeCssLink}}' => $this->oActions->ThemeLink($sTheme, $bAdmin),
304 : '{{BaseAppPolyfillsScriptLink}}' => $this->staticPath('js/'.($bAppJsDebug ? '' : 'min/').'polyfills'.($bAppJsDebug ? '' : '.min').'.js'),
305 : '{{BaseAppBootScriptLink}}' => $this->staticPath('js/'.($bAppJsDebug ? '' : 'min/').'boot'.($bAppJsDebug ? '' : '.min').'.js'),
306 : '{{BaseViewport}}' => $bMobile ? 'width=device-width,initial-scale=1,user-scalable=no' : 'width=950,maximum-scale=2',
307 : '{{BaseContentSecurityPolicy}}' => $sContentSecurityPolicy ?
308 : '<meta http-equiv="Content-Security-Policy" content="'.$sContentSecurityPolicy.'" />' : '',
309 : '{{BaseDir}}' => false && \in_array($sLanguage, array('ar', 'he', 'ur')) ? 'rtl' : 'ltr',
310 : '{{BaseAppManifestLink}}' => $this->staticPath('manifest.json')
311 : );
312 :
313 : $aTemplateParameters['{{RainloopBootData}}'] = \json_encode(array(
File:
/home2/amrbuild/public_html/allweb/mmrs/win/MMR/rainloop/rainloop/v/1.17.0/app/libraries/RainLoop/ServiceActions.php
Line: 509
Context: 504 : {
505 : $sMethodName = 'Raw'.$sAction;
506 : if (\method_exists($this->oActions, $sMethodName))
507 : {
508 : @\header('X-Raw-Action: '.$sMethodName, true);
509 : @\header('Content-Security-Policy: script-src \'none\'; child-src \'none\' docs.google.com apis.google.com', true);
510 :
511 : $sRawError = '';
512 : $this->oActions->SetActionParams(array(
513 : 'RawKey' => empty($this->aPaths[3]) ? '' : $this->aPaths[3],
514 : 'Params' => $this->aPaths
File:
/home2/amrbuild/public_html/bak_files/.htaccess
Line: 123
Context: 118 : Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
119 : Header set Referrer-Policy "strict-origin-when-cross-origin"
120 : Header set Permissions-Policy "geolocation=(), microphone=(), camera=()"
121 : </IfModule>
122 :
123 : Header set Content-Security-Policy "
124 : default-src 'self';
125 : script-src 'self' 'unsafe-inline' 'unsafe-eval' ajax.googleapis.com www.googletagmanager.com www.google-analytics.com cdn.jsdelivr.net cdnjs.cloudflare.com maps.googleapis.com maps.gstatic.com;
126 : style-src 'self' 'unsafe-inline' fonts.googleapis.com cdn.jsdelivr.net cdnjs.cloudflare.com maps.googleapis.com maps.gstatic.com;
127 : font-src 'self' fonts.gstatic.com cdnjs.cloudflare.com cdn.jsdelivr.net;
128 : img-src 'self' data: cdnjs.cloudflare.com cdn.jsdelivr.net www.google-analytics.com www.googletagmanager.com maps.gstatic.com maps.googleapis.com;
File:
/home2/amrbuild/public_html/includes/bootstrap-agent.php
Line: 4
Context: 1 : <?php
2 : ob_start();
3 :
4 : header("Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' ajax.googleapis.com www.googletagmanager.com www.google-analytics.com cdn.jsdelivr.net cdnjs.cloudflare.com maps.googleapis.com maps.gstatic.com code.jquery.com unpkg.com static.cloudflareinsights.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com cdn.jsdelivr.net cdnjs.cloudflare.com maps.googleapis.com maps.gstatic.com; font-src 'self' fonts.gstatic.com cdnjs.cloudflare.com cdn.jsdelivr.net; img-src 'self' data: cdnjs.cloudflare.com cdn.jsdelivr.net www.google-analytics.com www.googletagmanager.com maps.gstatic.com maps.googleapis.com; connect-src 'self' www.google-analytics.com www.googletagmanager.com maps.googleapis.com maps.gstatic.com cdn.jsdelivr.net; object-src 'none'; frame-src 'self' www.google.com google.com; frame-ancestors 'none'; base-uri 'self';");
5 :
6 : if ($_SERVER['REQUEST_URI'] === '/' || $_SERVER['REQUEST_URI'] === '/index.php') {
7 : header('Link: </.well-known/api-catalog>; rel="api-catalog"', false);
8 : }File:
/home2/amrbuild/public_html/index.php
Line: 8
Context: 3 : $meta_description = "Need a trusted construction company in Bhopal? AMR BuildTech delivers residential and commercial projects with transparent pricing, quality execution, and timely delivery";
4 : $canonical_link = "https://www.amrbuildtech.com/";
5 : $lcp_image_url = '/dummies/banner1-720.webp';
6 : // --- Security Headers ---
7 : header("X-Frame-Options: SAMEORIGIN");
8 : header("Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' ajax.googleapis.com cdn.jsdelivr.net cdnjs.cloudflare.com www.googletagmanager.com www.google-analytics.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com cdn.jsdelivr.net cdnjs.cloudflare.com; font-src 'self' fonts.gstatic.com cdn.jsdelivr.net; connect-src 'self' www.google-analytics.com; img-src 'self' data: https:; object-src 'none'; base-uri 'self'; frame-src 'none'; frame-ancestors 'none';");
9 : header("X-Content-Type-Options: nosniff");
10 : header("Strict-Transport-Security: max-age=31536000; includeSubDomains; preload");
11 : header("Referrer-Policy: strict-origin-when-cross-origin");
12 : header("Permissions-Policy: geolocation=(), microphone=(), camera=()");
13 : ?>
File:
/home2/amrbuild/public_html/1.php
Line: 10
Context: 5 : $root = __DIR__;
6 :
7 : // ======================================
8 : // SEARCH STRING
9 : // ======================================
10 : $search = 'Content-Security-Policy';
11 :
12 : // File extensions to search
13 : $extensions = ['php', 'html', 'htm', 'css', 'js', 'xml', 'txt'];
14 :
15 : echo "<!DOCTYPE html>";
File:
/home2/amrbuild/public_html/services.php
Line: 10
Context: 5 : $og_image = "https://www.amrbuildtech.com/dummies/property_031.jpg";
6 : $lcp_image_url = '/dummies/property_031.jpg';
7 :
8 : // --- Security Headers (matches index.php) ---
9 : header("X-Frame-Options: SAMEORIGIN");
10 : header("Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' ajax.googleapis.com cdn.jsdelivr.net cdnjs.cloudflare.com www.googletagmanager.com www.google-analytics.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com cdn.jsdelivr.net cdnjs.cloudflare.com; font-src 'self' fonts.gstatic.com cdn.jsdelivr.net; connect-src 'self' www.google-analytics.com; img-src 'self' data: https:; object-src 'none'; base-uri 'self'; frame-src 'none'; frame-ancestors 'none';");
11 : header("X-Content-Type-Options: nosniff");
12 : header("Strict-Transport-Security: max-age=31536000; includeSubDomains; preload");
13 : header("Referrer-Policy: strict-origin-when-cross-origin");
14 : header("Permissions-Policy: geolocation=(), microphone=(), camera=()");
15 : ?>
Search Complete
Total Files Matched: 18
Total Matches: 22