Content-Security-Policy-Report-Only | default-src 'self' *.vu.nl *.twitter.com *.addthisedge.com *.youtube.com *.google-analytics.com; script-src 'self' 'unsafe-inline' connect.facebook.net *.googleadservices.com *.twitter.com *.vu.nl *.addthis.com; object-src 'self'; style-src 'self'; img-src 'self' *.ubvu.vu.nl *.twitter.com *.twimg.com *.addthisedge.com media.readspeaker.com *.google.com; media-src 'self'; frame-src 'self' *.ak.facebook.com platform.twitter.com *.youtube.com; font-src 'self'; connect-src 'self' ajax.googleapis.com cdnjs.cloudflare.com; report-uri http://www.vu.nl/csp/home/report |