Content-Security-Policy | default-src 'self' 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: www.google-analytics.com www.google.com ajax.googleapis.com use.typekit.net assets.pinterest.com log.pinterest.com public.tockify.com www.googletagmanager.com www.youtube.com; img-src 'self' data: www.google-analytics.com p.typekit.net www.arborday.org assets.pinterest.com; font-src 'self' data: use.typekit.net; style-src 'self' 'unsafe-inline' use.typekit.net; child-src 'self' tockify.com; frame-src www.youtube.com tockify.com www.google.com ajax.googleapis.com; |