| Content-Security-Policy | style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://code.jquery.com https://netdna.bootstrapcdn.com https://widget.fredknows.it;connect-src 'self' https://tag.smartly.io https://fl.paymill.de https://graph.facebook.com https://admin.fredknows.it;child-src 'self' https://player.vimeo.com https://s-static.ak.facebook.com https://www.facebook.com https://platform.twitter.com https://bridge.paymill.de https://www.youtube.com https://egym.staffboard.de https://staticxx.facebook.com;script-src 'self' data: 'unsafe-inline' 'unsafe-eval' https://mts1.googleapis.com https://platform.twitter.com https://apis.google.com https://ajax.googleapis.com https://api.mixpanel.com https://code.jquery.com https://ssl.google-analytics.com https://ssl.gstatic.com https://www.google-analytics.com https://connect.facebook.net https://graph.facebook.com https://connect.facebook.net https://bridge.paymill.com https://www.google.com https://test-token.paymill.de https://token.paymill.de https://token-v2.paymill.de https://test-token.paymill.com https://token-v2.paymill.com https://maps.google.com https://maps.gstatic.com https://maps.googleapis.com https://mts0.googleapis.com https://netdna.bootstrapcdn.com https://www.googletagmanager.com https://widget.fredknows.it;object-src 'self';img-src 'self' 'unsafe-inline' data: https://www.facebook.com https://ssl.google-analytics.com https://www.google.com https://maps.gstatic.com https://maps.google.com https://mts0.googleapis.com https://mts1.googleapis.com https://maps.googleapis.com https://csi.gstatic.com https://chart.googleapis.com https://code.jquery.com https://stats.g.doubleclick.net https://www.google-analytics.com https://img.youtube.com https://s3-eu-west-1.amazonaws.com;default-src 'self';font-src 'self' data: https://themes.googleusercontent.com https://fonts.gstatic.com https://netdna.bootstrapcdn.com https://widget.fredknows.it; |