Content-Security-Policy | frame-src 'self' www.youtube-nocookie.com www.youtube.com docs.google.com maps.google.de www.google.com drive.google.com accounts.google.com *.xing-share.com; default-src 'self'; script-src 'self' ajax.googleapis.com www.google-analytics.com maps.googleapis.com maps.google.de maps.gstatic.de maps.gstatic.com *.xing-share.com; img-src 'self' *.ggpht.com *.googleusercontent.com *.g.doubleclick.net www.google-analytics.com *.xing-share.com; style-src 'self' ajax.googleapis.com 'unsafe-inline' *.xing-share.com; |