Content-Security-Policy | default-src 'self' *.msecnd.net data:; media-src js.intercomcdn.com xtc-staging-artifacts.s3-eu-west-1.amazonaws.com xtc-prod-artifacts.s3-eu-west-1.amazonaws.com testcloud-staging-artifacts.s3-eu-west-1.amazonaws.com testcloud-artifacts.s3-eu-west-1.amazonaws.com; child-src share.intercom.io; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.msecnd.net app.intercom.io widget.intercom.io js.intercomcdn.com monaco-cdn-int.azureedge.net https://www.google-analytics.com accessibility-bookmarklets.org uhf.microsoft.com assets.onestore.ms mobilecenter.azureedge.net; style-src 'self' 'unsafe-inline' monaco-cdn-int.azureedge.net fonts.googleapis.com accessibility-bookmarklets.org/ uhf.microsoft.com assets.onestore.ms mobilecenter.azureedge.net; font-src 'self' 'unsafe-inline' data: js.intercomcdn.com fonts.gstatic.com assets.onestore.ms c.s-microsoft.com; img-src * data:; connect-src 'self' appcenter.ms install.appcenter.ms *.intercom.io uploads.intercomcdn.com *.cloudfront.net wss://nexus-websocket-a.intercom.io wss://nexus-websocket-b.intercom.io *.visualstudio.com *.hockeyapp.net *.blob.core.windows.net https://capture.trackjs.com https://graph.microsoft.com mobile.azure.com install.mobile.azure.com appcenter.ms install.appcenter.ms *.xamarin.com xtc-prod-artifacts.s3-eu-west-1.amazonaws.com testcloud-artifacts.s3-eu-west-1.amazonaws.com wss://build-live-prod.trafficmanager.net https://api-prod-east-us2.prod.avalanch.es:8088 mobilecenter.azureedge.net |