Content-Security-Policy-Report-Only | default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com www.google-analytics.com *.gstatic.com;object-src 'none';style-src 'self' 'unsafe-inline' maxcdn.bootstrapcdn.com fonts.googleapis.com;img-src 'self' www.google-analytics.com *.googleapis.com *.gstatic.com;media-src 'none';frame-src www.youtube.com;font-src 'self' themes.googleusercontent.com fonts.googleapis.com *.gstatic.com;base-uri 'self';child-src 'self';form-action 'self';frame-ancestors 'none';plugin-types application/pdf application/octet-stream;report-uri /WebResource.axd?cspReport=true |