Content-Security-Policy | default-src 'none';script-src 'self' 'unsafe-inline' https://*.typekit.net/ https://platform.twitter.com ajax.googleapis.com ajax.aspnetcdn.com https://www.google-analytics.com/analytics.js;style-src 'self' 'unsafe-inline' maxcdn.bootstrapcdn.com;img-src 'self' data: https://*.typekit.net/ https://www.google-analytics.com https://google-analytics.com;frame-src https://www.google.com;font-src 'self' https://*.typekit.net/ *.typekit.net maxcdn.bootstrapcdn.com;connect-src 'self' localhost:* ws://localhost:* https://*.typekit.net/;form-action 'self';report-uri /WebResource.axd?cspReport=true |