Content-Security-Policy | script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google.com https://www.gstatic.com www.google-analytics.com ajax.googleapis.com http://stats.g.doubleclick.net https://*.googleapis.com https://maps.gstatic.com https://www.google.com/maps https://ajax.googleapis.com https://api.fixer.io https://www.googletagmanager.com http://tagmanager.google.com; font-src 'self' https://fonts.gstatic.com data:; style-src 'self' 'unsafe-inline' https://*.googleapis.com http://fonts.googleapis.com; img-src 'self' data: https://www.medirect.com.mt https://www.charts.com.mt http://stats.g.doubleclick.net https://www.google-analytics.com https://lt.morningstar.com http://*.cloudfront.net http://www.google-analytics.com https://www.google.com/ads/* https://www.google.com.mt/ads/*; child-src 'self' secure.medirect.com.mt https://www.google.com https://lt.morningstar.com https://quotespeed.morningstar.com; connect-src 'self' https://www.medirect.com.mt/gettools https://www.charts.com.mt/gettools |