Content-Security-Policy | default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.google-analytics.com https://www.google.com connect.facebook.net; style-src 'self' 'unsafe-inline' https://ajax.googleapis.com https://fonts.googleapis.com https://www.google.com; img-src 'self' data: *.google-analytics.com https://www.google.com https://chart.googleapis.com https://maps.googleapis.com https://i.ytimg.com https://www.facebook.com; connect-src 'self' wss://bitx.co; font-src 'self' https://fonts.googleapis.com https://fonts.gstatic.com; frame-src *.facebook.com https://www.youtube.com; |