Content-Security-Policy | default-src 'self' ; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.gstatic.com https://*.google.com https://www.google-analytics.com https://*.googleapis.com https://*.twitter.com https://*.twimg.com https://*.pinterest.com http://js-agent.newrelic.com http://bam.nr-data.net; style-src 'self' 'unsafe-inline' https://*.googleapis.com https://platform.twitter.com; img-src 'self' data: https://maps.google.com https://*.gstatic.com https://*.googleapis.com https://www.google-analytics.com https://*.twimg.com https://*.doubleclick.net https://*.twitter.com https://*.pinimg.com; font-src 'self' https://fonts.googleapis.com https://fonts.gstatic.com; report-uri https://gg.report-uri.io/r/default/csp/enforce; |