Content-Security-Policy | default-src https://onesignal.com wss://ws.pusherapp.com/ https://fonts.gstatic.com *.pubnub.com *.cloudfront.net *.googleapis.com *.freshdesk.com wss://chat.freshdesk.com https://app.partnerlottery.com *.partnerlottery.com *.yandex.ru 'self'; script-src https://onesignal.com https://cdn.onesignal.com https://stats.pusher.com https://zapcdn.space *.gstatic.com *.google.com https://pushpad.xyz *.google-analytics.com *.yandex.ru freegeoip.net *.freshdesk.com *.cloudfront.net 'self' 'unsafe-inline' 'unsafe-eval'; font-src https://fonts.gstatic.com fonts.gstatic.com 'self'; object-src 'self'; style-src https://onesignal.com *.cloudfront.net *.freshdesk.com *.googleapis.com 'self' 'unsafe-inline'; img-src * data:; child-src https://app.partnerlottery.com *.google.com *.freshdesk.com 'self'; |