Content-Security-Policy | default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com ajax.aspnetcdn.com www.google.com www.google-analytics.com maps.google.com maps-api-ssl.google.com *.gstatic.com cdn.scripts.tools *.facebook.net *.facebook.com;style-src 'self' 'unsafe-inline' *.googleapis.com ajax.aspnetcdn.com www.google.com www.google-analytics.com maps.google.com *.gstatic.com;img-src 'self' * data: blob:;frame-src 'self' data: blob: *.youtube.com youtu.be *.youtu.be *.vimeo.com www.google.com *.facebook.net *.facebook.com;font-src 'self' *.googleapis.com ajax.aspnetcdn.com www.google.com www.google-analytics.com maps.google.com *.gstatic.com;connect-src 'self';child-src 'self' data: blob: *.youtube.com youtu.be *.youtu.be *.vimeo.com www.google.com *.facebook.net *.facebook.com;form-action 'self' https://accounts.google.com https://www.google.com |