Content-Security-Policy-Report-Only | child-src 'self' bs.serving-sys.com click.appcast.io analytics.recruitics.com ci.iasds01.com cdn.krxd.net www.facebook.com *.doubleclick.net *.tealiumiq.com *.demdex.net; connect-src 'self' https://partners.uber.com events.uber.com api.mixpanel.com d1a3f4spazzrp4.cloudfront.net *.optimizely.com www.google-analytics.com *.tealiumiq.com *.demdex.net; font-src 'self' data: https://d1a3f4spazzrp4.cloudfront.net; form-action 'self'; frame-ancestors 'self'; frame-src 'self' https://pullo.uberinternal.com https://app.onelogin.com bs.serving-sys.com click.appcast.io analytics.recruitics.com ci.iasds01.com cdn.krxd.net www.facebook.com *.doubleclick.net *.tealiumiq.com *.demdex.net; img-src 'self' data: https://www.google-analytics.com * * https://d1a3f4spazzrp4.cloudfront.net; media-src 'self' https://d1a3f4spazzrp4.cloudfront.net; object-src 'none'; script-src 'self' 'unsafe-inline' 'nonce-9067f1e4-9aa5-4de4-bc80-06b26278d2bc' 'unsafe-inline' 'sha256-bFlRBbLxLeinRjriE+az6R1dDLm1qI1pCu4ZYu8wG1o=' 'sha256-tWVNpcdODBYUxyYfAhiVz61Y/BPw+BYSd1GTIE3QoXI=' code.jquery.com 'unsafe-eval' script.crazyegg.com www.google-analytics.com maps.googleapis.com maps.google.com tags.tiqcdn.com beacon.krxd.net cdn.krxd.net cdn.mxpnl.com www.googleadservices.com www.ziprecruiter.com analytics.recruitics.com edge.quantserve.com secure.quantserve.com connect.facebook.net cdn.nanigans.com api.nanigans.com *.adroll.com s.yimg.com sp.analytics.yahoo.com click.app-cast.com i.l.inmobicdn.net *.optimizely.com *.tealiumiq.com *.doubleclick.net static.ads-twitter.com https://www.google-analytics.com https://ssl.google-analytics.com https://d1a3f4spazzrp4.cloudfront.net; style-src 'self' 'unsafe-inline' https://toolshed.uberinternal.com https://pullo.uberinternal.com https://d1a3f4spazzrp4.cloudfront.net; report-uri https://csp.uber.com/csp?a=ambassador&ro=true&v=4; upgrade-insecure-requests |