Content-Security-Policy | script-src 'self' 'unsafe-inline' 'unsafe-eval' *.google.com *.maps.google.com *.google-analytics.com *.googleapis.com *.gstatic.com *.googletagmanager.com *.facebook.com *.facebook.net *.akamaihd.net *.fbcdn.net *.pinterest.com *.twitter.com *.youtube.com *.newrelic.com *.hotjar.com *.nr-data.net; style-src 'self' 'unsafe-inline' fonts.googleapis.com cdn.jsdelivr.net; img-src 'self' data: *.google.com cdn.jsdelivr.net *.doubleclick.net *.google-analytics.com *.facebook.com; font-src 'self' data: fonts.gstatic.com cdn.jsdelivr.net; media-src * 'self'; frame-src * 'self'; |