Content-Security-Policy | default-src 'self' *.unisg.ch www.google-analytics.com ajax.googleapis.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.unisg.ch *.youtube.com *.pinterest.com *.ytimg.com www.googletagmanager.com www.google-analytics.com paper.li *.scoop.it; connect-src 'self'; img-src 'self' data: *.ytimg.com yimg.com *.yimg.com *.youtube.com www.google-analytics.com *.g.doubleclick.net; style-src 'self' 'unsafe-inline' *.scoop.it; frame-src 'self' *.unisg.ch www.google.com www.youtube.com datawrapper.dwcdn.net forms.nintex.com paper.li *.scoop.it; |