Content-Security-Policy | script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleanalytics.com *.google-analytics.com *.googleapis.com *.youtube.com *.ytimg.com *.gstatic.com cse.google.com www.google.com *.googletagmanager.com tagmanager.google.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com *.gstatic.com storage.googleapis.com www.google.com tagmanager.google.com; default-src 'self' *.gstatic.com g-design.storage.googleapis.com storage.googleapis.com; frame-src 'self' www.google.com *.googleusercontent.com www.youtube.com accounts.google.com apis.google.com plus.google.com cse.google.com; img-src 'self' data: s.ytimg.com *.googleusercontent.com *.gstatic.com www.google-analytics.com storage.googleapis.com www.gravatar.com www.googleapis.com www.google.com clients1.google.com; connect-src 'self' plus.google.com www.google-analytics.com; font-src 'self' themes.googleusercontent.com *.gstatic.com; report-uri /csp/report/ |