Content-Security-Policy | style-src ajax.aspnetcdn.com hello.myfonts.net 'unsafe-inline' 'self'; script-src stats.g.doubleclick.net s3.amazonaws.com tinymce.cachefly.net ajax.googleapis.com www.google-analytics.com ajax.aspnetcdn.com 'self' 'unsafe-inline' 'unsafe-eval'; frame-src cardholder.mastercardworldwide.com mtf.cardholder.mastercardworldwide.com *.fls.doubleclick.net www.youtube.com ct1.addthis.com *.edentiti.com 'self'; img-src stats.g.doubleclick.net app.rejoiner.com www.gravatar.com www.google-analytics.com 'self' data:; font-src 'self'; default-src 'self'; |