| Content-Security-Policy | frame-src 'self' https://player.vimeo.com https://s-static.ak.facebook.com https://www.facebook.com https://platform.twitter.com https://bridge.paymill.de;connect-src 'self' https://tag.smartly.io https://fl.paymill.de https://graph.facebook.com;default-src 'self';object-src 'none;font-src 'self' data: https://themes.googleusercontent.com https://fonts.gstatic.com https://netdna.bootstrapcdn.com;img-src 'self' 'unsafe-inline' data: https://www.facebook.com https://ssl.google-analytics.com https://assets.zendesk.com https://www.google.com https://maps.gstatic.com https://mts0.googleapis.com https://mts1.googleapis.com https://maps.googleapis.com https://csi.gstatic.com https://chart.googleapis.com https://code.jquery.com https://stats.g.doubleclick.net https://d2lml4lq5yh749.cloudfront.net https://www.google-analytics.com;script-src 'self' data: 'unsafe-inline' 'unsafe-eval' https://mts1.googleapis.com https://platform.twitter.com https://d9jmv9u00p0mv.cloudfront.net https://*.convertexperiments.com https://apis.google.com https://ajax.googleapis.com https://api.mixpanel.com https://code.jquery.com https://ssl.google-analytics.com https://ssl.gstatic.com https://www.google-analytics.com https://assets.zendesk.com https://connect.facebook.net https://graph.facebook.com https://connect.facebook.net https://bridge.paymill.com https://www.google.com https://test-token.paymill.de https://token.paymill.de https://token-v2.paymill.de https://test-token.paymill.com https://token-v2.paymill.com https://maps.google.com https://maps.gstatic.com https://maps.googleapis.com https://mts0.googleapis.com https://netdna.bootstrapcdn.com https://www.googletagmanager.com;style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://assets.zendesk.com https://code.jquery.com https://netdna.bootstrapcdn.com; |