CSP Data for: zulily.com

#	Time Frame	Framing Control	TLS Enforce	Content Control	'unsafe-inline'	http / https / *	data:	Diffs	Normalized Policy
0	2018-10-01 - 2018-10-09	False	True	True	True	True	False	0	base-uri 'self'; default-src https:; img-src data: http: https:; object-src 'none'; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline';
1	2018-10-10 - 2018-10-19	False	True	True	True	True	False	3	base-uri 'self'; block-all-mixed-content; default-src https:; font-src data: https:; img-src data: https:; object-src 'none'; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline';
2	2018-10-20 - END	False	True	True	True	True	False	1	base-uri 'self'; block-all-mixed-content; default-src https:; font-src data: https:; img-src data: https:; object-src 'none'; report-uri report; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline';

Time Frame

Framing Control

TLS Enforce

Content Control

Third JS Parties

'unsafe-inline'

http / https / *

data:

Diffs

Normalized Policy

2018-10-01 - 2018-10-09

False

True

True

True

True

False

base-uri 'self'; default-src https:; img-src data: http: https:; object-src 'none'; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline';

2018-10-10 - 2018-10-19

False

True

True

True

True

False

base-uri 'self'; block-all-mixed-content; default-src https:; font-src data: https:; img-src data: https:; object-src 'none'; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline';

2018-10-20 - END

False

True

True

True

True

False

base-uri 'self'; block-all-mixed-content; default-src https:; font-src data: https:; img-src data: https:; object-src 'none'; report-uri report; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline';