Content-Security-Policy | default-src 'none'; object-src 'self'; script-src 'self' https: 'unsafe-eval' 'unsafe-inline' https://oss.maxcdn.com *.googleapis.com https://maxcdn.bootstrapcdn.com https://www.googletagmanager.com https://www.google-analytics.com www.google-analytics.com static.hotjar.com https://script.hotjar.com https://cdnjs.cloudflare.com https://i.simpli.fi *.gstatic.com *.youtube.com *.doubleclick.net https://static.doubleclick.net https://s.ytimg.com https://www.googleadservices.com *.aspnetcdn.com https://pi-test.sagepay.com facebook.com *.facebook.com http://www.googletagmanager.com http://s3.amazonaws.com http://www.googleadservices.com; style-src 'self' https: 'unsafe-inline' https://maxcdn.bootstrapcdn.com https://cdnjs.cloudflare.com fonts.googleapis.com https://www.gstatic.com; img-src 'self' data: https://cdnjs.cloudflare.com https://www.google-analytics.com www.google-analytics.com https://stats.g.doubleclick.net static.doubleclick.net https://www.gravatar.com i.simpli.fi *.gstatic.com *.googleapis.com maps.googleapis.com *.umbraco.tv http://umbraco.tv https://tawk.link https://static-v.tawk.to https://www.facebook.com https://www.google.com; font-src 'self' https: https://maxcdn.bootstrapcdn.com fonts.googleapis.com fonts.gstatic.com; connect-src 'self' https: https://www.google-analytics.com www.google-analytics.com https://stats.g.doubleclick.net http://insights.hotjar.com https://pi-test.sagepay.com wss://*.tawk.to; frame-src 'self' https: https://vars.hotjar.com *.youtube.com |