Content-Security-Policy | default-src 'none';script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.google.com https://*.gstatic.com https://*.googleapis.com/ https://www.google-analytics.com https://*.dropbox.com/ https://*.twitter.com/ https://cdn.syndication.twimg.com;object-src 'self';style-src 'self' 'unsafe-inline' https://*.googleapis.com/ https://*.twitter.com/ https://*.twimg.com/;img-src * data: blob:;media-src 'self';frame-src 'self' *;font-src 'self' data: https://fonts.gstatic.com;connect-src 'self' wss://*.com/signalr/ wss://*.co.uk/signalr/;child-src 'self' *;form-action 'self' https://syndication.twitter.com/i/jot https://platform.twitter.com;frame-ancestors 'self' |