Content-Security-Policy-Report-Only | default-src 'none';report-uri /csp-report;script-src https://*.adroll.com https://*.facebook.net https://*.zopim.com https://ddw3p1oh0ex89.cloudfront.net 'sha256-R2EJrrc1Xe7kp1EihvCYwjaX0CsK1PmTmU5TakO9XeU=' https://*.fullstory.com https://app.getsentry.com https://*.plaid.com https://js.intercomcdn.com 'sha256-Od08hzv9y6Vx8fH7Kz8bVZJpiAMT3DkJyoEjYXh4t50=' https://widget.intercom.io https://*.stripe.com;child-src https://*.plaid.com https://*.stripe.com;style-src https://ddw3p1oh0ex89.cloudfront.net https://fonts.googleapis.com 'unsafe-inline';img-src https://*.adroll.com https://ads.yahoo.com https://*.zopim.com https://*.facebook.com https://ddw3p1oh0ex89.cloudfront.net data: https://idsync.rlcdn.com https://js.intercomcdn.com https://*.openx.net https://ib.adnxs.com https://x.bidswitch.net https://analytics.twitter.com https://*.stripe.com 'self';font-src https://*.zopim.com data: https://fonts.gstatic.com;connect-src https://api-iam.intercom.io/ https://api.segment.io https://*.fullstory.com https://nexus-websocket-a.intercom.io wss://nexus-websocket-b.intercom.io https://app.getsentry.com wss://nexus-websocket-a.intercom.io https://nexus-websocket-b.intercom.io wss://*.zopim.com https://api-ping.intercom.io https://*.stripe.com 'self'; |