Content-Security-Policy-Report-Only | block-all-mixed-content;upgrade-insecure-requests;default-src 'self';script-src 'self' 'unsafe-inline' https://www.googletagmanager.com https://maps.googleapis.com https://dev.visualwebsiteoptimizer.com https://connect.facebook.net https://maps.googleapis.com https://www.facebook.com https://www.googleadservices.com https://platform.twitter.com https://platform.linkedin.com https://www.google-analytics.com https://tagmanager.google.com;style-src 'self' 'unsafe-inline' https://cloud.typography.com https://fonts.googleapis.com https://www.facebook.com https://tagmanager.google.com;img-src 'self' data: https://maps.googleapis.com/ https://www.google-analytics.com https://*.gstatic.com https://syndication.twitter.com https://www.facebook.com https://*.doubleclick.net https://static.licdn.com https://dev.visualwebsiteoptimizer.com https://www.google.com/ads/ https://www.google.nl/ads/ https://www.linkedin.com/analytics/;child-src 'self' https://player.vimeo.com https://www.facebook.com https://*.doubleclick.net https://staticxx.facebook.com https://platform.twitter.com https://platform.linkedin.com/js/;font-src 'self' 'unsafe-inline' data: https://cloud.typography.com https://fonts.googleapis.com https://fonts.gstatic.com;media-src 'self' https://vimeo.com;form-action 'self';frame-ancestors 'none';plugin-types application/pdf image/svg+xml;report-uri /csp |