Content-Security-Policy | default-src 'self'; script-src 'self' use.typekit.net ajax.googleapis.com maps.googleapis.com cdnjs.cloudflare.com 'unsafe-inline' 'unsafe-eval'; connect-src 'self'; img-src 'self' *.typekit.net *.gravatar.com maps.googleapis.com *.gstatic.com data:; style-src 'self' netdna.bootstrapcdn.com maps.googleapis.com cdnjs.cloudflare.com 'unsafe-inline'; font-src 'self' use.typekit.net netdna.bootstrapcdn.com data:; frame-src 'self' www.google.com www.youtube.com *.vimeo.com maps.googleapis.com; |