Content-Security-Policy | default-src 'self'; frame-src accounts.google.com apis.google.com *.doubleclick.net googleads.g.doubleclick.net https://www.youtube.com platform.twitter.com https://accounts.google.com https://apis.google.com https://s-static.ak.facebook.com https://static.ak.facebook.com https://www.facebook.com 'self' s-static.ak.facebook.com static.ak.facebook.com www.facebook.com www.google.com *.youtube.com; img-src https://proactive.nationwide.co.uk 'self' *; script-src apis.google.com assets.kampyle.com clients1.google.com connect.facebook.net cse.google.com data: dpm.demdex.net ipv4.google.com *.nationwide.co.uk *.omtrdc.net platform.linkedin.com platform.twitter.com https://proactive.nationwide.co.uk *.reevoo.com https://apis.google.com https://platform.linkedin.com https://platform.twitter.com https://static.ak.facebook.com 'self' static.ak.facebook.com *.virtualearth.net 'unsafe-eval' 'unsafe-inline' http://nationwidebuildingso.tt.omtrdc.net http://www.google.com http://www.googleadservices.com http://metrics.nationwide.co.uk/; style-src assets.kampyle.com *.nationwide.co.uk *.reevoo.com 'self' *.virtualearth.net 'unsafe-inline' http://www.google.com/; |