Content-Security-Policy | script-src 'self' 'unsafe-eval' 'unsafe-inline' www.google.com www.gstatic.com oss.maxcdn.com code.jquery.com cdnjs.cloudflare.com receptive.io platform.twitter.com *.google-analytics.com js.stripe.com *.auth0.com ajax.googleapis.com *.addthis.com cdn.mxpnl.com gitcdn.github.io *.olark.com tag.marinsm.com pixel-geo.prfct.co graph.facebook.com widgets.pinterest.com *.reddit.com; style-src 'self' 'unsafe-inline' *.googleapis.com maxcdn.bootstrapcdn.com cdnjs.cloudflare.com gitcdn.github.io *.olark.com; img-src 'self' data: www.google.com *.google-analytics.com *.gravatar.com *.stripe.com *.wp.com *.doubleclick.net *.olark.com cdn.mxpnl.com pixel-geo.prfct.co *.adnxs.com images.mxpnl.com; font-src 'self' data: *.bootstrapcdn.com *.gstatic.com cdn.auth0.com cdnjs.cloudflare.com d2asqqdjv2zbgw.cloudfront.net fonts.googleapis.com; child-src 'self' www.google.com *.youtube.com *.cloudfront.net js.stripe.com *.addthis.com *.olark.com |