X-Content-Security-Policy | default-src 'none'; connect-src 'self' data:; script-src 'self' 'unsafe-eval' 'unsafe-inline' http://bulk.no http://*.bulk.no http://*.google.com http://*.google-analytics.com http://*.linkedin.com http://*.twitter.com https://bulk.no https://*.bulk.no https://*.gstatic.com https://*.google.com https://*.google-analytics.com https://*.googleapis.com https://*.linkedin.com https://*.robtex.com https://*.twitter.com; img-src 'self' http://*.google-analytics.com http://*.gstatic.com http://*.statkart.no https://*.google-analytics.com https://*.googleapis.com https://*.gstatic.com https://*.licdn.com; font-src 'self' http://*.gstatic.com https://*.gstatic.com; frame-src 'self' http://*.facebook.com http://*.i.ign.as http://*.twitter.com https://*.facebook.com https://*.google.com https://*.i.ign.as https://*.twitter.com; media-src 'self' http://bulk.no http://*.bulk.no https://bulk.no https://*.bulk.no; object-src 'self'; style-src 'self' 'unsafe-inline' http://bulk.no http://*.bulk.no https://bulk.no https://*.bulk.no https://*.googleapis.com; report-uri /csp-report/ |