Content-Security-Policy | default-src 'self'; script-src 'unsafe-eval' 'unsafe-inline' 'self' *.jquery.com *.youtube.com *.ytimg.com *.twitter.com *.twimg.com; style-src data: fonts.gstatic.com fonts.googleapis.com *.twitter.com *.twimg.com 'unsafe-inline' 'self'; img-src *.insomnihack.ch *.w.org *.gravatar.com *.twitter.com *.twimg.com data: 'self'; frame-src *.twitter.com *.youtube.com 'self'; connect-src 'self'; font-src fonts.gstatic.com fonts.googleapis.com data: 'self'; media-src *.youtube.com 'self' |