Content-Security-Policy | default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.google.com https://*.gstatic.com https://js-agent.newrelic.com https://bam.nr-data.net *.googleapis.com http://ib.adnxs.com https://*.mookie1.com www.googleadservices.com https://secure.adnxs.com *.google-analytics.com https://connect.facebook.net https://googleads.g.doubleclick.net https://www.googletagmanager.com;style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://tagmanager.google.com;img-src 'self' * data:;frame-src 'self' *.youtube.com *.vimeo.com *.morningstar.com *.portalbank.no https://ext.mnm.as https://ir.asp.manamind.com https://*.google.com https://*.google.no https://www.googletagmanager.com https://*.google.se *.doubleclick.net;font-src 'self' https://fonts.gstatic.com;connect-src 'self' https://www.facebook.com/tr/;report-uri /WebResource.axd?cspReport=true |