content-security-policy | default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: cdn1.giveucar.com www.google-analytics.com maps.googleapis.com static.addtoany.com; style-src 'self' 'unsafe-inline' fs.giveucar.com cdn1.giveucar.com fonts.googleapis.com static.addtoany.com; img-src 'self' data: cdn1.giveucar.com fs.giveucar.com fs.jpctrade.com www.google-analytics.com www.jp-c.com maps.googleapis.com maps.gstatic.com csi.gstatic.com maps.google.com; font-src 'self' fs.giveucar.com cdn1.giveucar.com fonts.googleapis.com fonts.gstatic.com; connect-src 'self' cdn1.giveucar.com fs.giveucar.com s3-ap-northeast-1.amazonaws.com; form-action 'self'; frame-src static.addtoany.com; media-src 'none'; frame-ancestors 'none'; block-all-mixed-content; base-uri 'self'; |