Content-Security-Policy | default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com ajax.aspnetcdn.com www.google.com www.google-analytics.com maps.google.com maps-api-ssl.google.com *.gstatic.com cdn.scripts.tools;style-src 'self' 'unsafe-inline' *.googleapis.com ajax.aspnetcdn.com www.google.com www.google-analytics.com maps.google.com *.gstatic.com;img-src 'self' *.googleapis.com ajax.aspnetcdn.com www.google.com www.google-analytics.com maps.google.com maps-api-ssl.google.com *.gstatic.com http://lorempixel.com data: blob:;media-src 'self' cdn.wannaspeak.com;frame-src 'self' data: blob: *.youtube.com youtu.be *.youtu.be *.vimeo.com;font-src 'self' *.googleapis.com ajax.aspnetcdn.com www.google.com www.google-analytics.com maps.google.com *.gstatic.com;connect-src 'self';form-action 'self' https://accounts.google.com https://www.google.com https://payment-webinit.simu.mercanet.bnpparibas.net/paymentInit https://payment-webinit.mercanet.bnpparibas.net/paymentInit |