Content-Security-Policy | connect-src 'self' ws://bundlestars.com; default-src 'self' bundlestars.com; font-src 'self'; frame-src 'self' *.youtube.com https://*.youtube.com *.google.com https://*.google.com; img-src 'self' data: *.youtube.com https://*.youtube.com *.gstatic.com https://*.gstatic.com *.siftscience.com https://*.siftscience.com *.google-analytics.com https://*.google-analytics.com *.bundlestars.com https://*.bundlestars.com *.nr-data.net https://*.nr-data.net newcdn-images.bundlestars.com; media-src 'self' bundlestars.com; object-src 'self'; sandbox allow-forms allow-scripts allow-same-origin allow-popups; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.gstatic.com https://*.gstatic.com *.google.com https://*.google.com *.siftscience.com https://*.siftscience.com *.google-analytics.com https://*.google-analytics.com *.newrelic.com https://*.newrelic.com *.nr-data.net https://*.nr-data.net ajax.cloudflare.com https://ajax.cloudflare.com; style-src 'self' 'unsafe-inline' |