Content-Security-Policy-Report-Only | connect-src 'self' http://*.tiles.mapbox.com;default-src 'self' ;font-src 'self' https://s3.amazonaws.com;frame-src 'self' http://static.ak.facebook.com https://s-static.ak.facebook.com https://*.facebook.com https://*.google.com;img-src 'self' data: https://*.facebook.com http://lorempixel.com http://*.tiles.mapbox.com https://*.google.com http://*.gstatic.com https://*.gstatic.com https://s3.amazonaws.com;media-src 'self';script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.google.com https://*.gstatic.com http://*.facebook.net https://s3.amazonaws.com;style-src 'self' 'unsafe-inline' https://s3.amazonaws.com;report-uri 'self' |