Content-Security-Policy | script-src 'self' 'unsafe-inline' 'unsafe-eval' graph.facebook.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ www.google.com www.gstatic.com fbcdn-profile-a.akamaihd.net *.twimg.com *.googleusercontent.com *.xingassets.com vk.com *.yimg.com secure.gravatar.com use.typekit.net www.google-analytics.com www.googletagmanager.com connect.facebook.net maps.googleapis.com maps.gstatic.com; object-src 'self'; img-src 'self' https://s3-us-west-2.amazonaws.com https://milkpep.s3.amazonaws.com www.facebook.com www.google-analytics.com data: blob: filesystem:;connect-src 'self' twitter.com www.google.com;style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; |