Content-Security-Policy | default-src 'self'; connect-src 'self' www.google.com api.mixpanel.com http://*.hotjar.com https://*.hotjar.com wss://*.hotjar.com http://*.netdna-ssl.com https://*.netdna-ssl.com; script-src 'self' 'unsafe-eval' https://*.google.com https://*.gstatic.com http://www.googletagmanager.com https://www.googletagmanager.com http://www.google-analytics.com https://www.google-analytics.com 'sha256-VcWlVQSHJgDb/LZXPqAL5lLlF6CIWJtGXAxWyIIfDkU=' http://*.hotjar.com https://*.hotjar.com https://cdn.jsdelivr.net http://*.netdna-ssl.com https://*.netdna-ssl.com; style-src 'self' 'unsafe-inline' blob: http://*.netdna-ssl.com https://*.netdna-ssl.com; img-src 'self' data: http://www.google-analytics.com https://www.google-analytics.com http://*.netdna-ssl.com https://*.netdna-ssl.com; font-src 'self' data: http://*.netdna-ssl.com https://*.netdna-ssl.com; frame-src https://*.google.com https://*.youtube.com http://www.googletagmanager.com https://www.googletagmanager.com; child-src https://*.google.com https://*.youtube.com http://www.googletagmanager.com https://www.googletagmanager.com; object-src 'none'; |