Content-Security-Policy | script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://ajax.aspnetcdn.com https://www.gstatic.com https://use.fontawesome.com https://*.googlesyndication.com https://googleadservices.com https://tag.getdrip.com https://connect.facebook.net https://cdnjs.cloudflare.com https://*.google.com https://code.jquery.com https://cdn.mathjax.org https://*.google-analytics.com https://*.googleapis.com https://oss.maxcdn.com https://maxcdn.bootstrapcdn.com https://checkout.stripe.com; frame-src https://checkout.stripe.com https://googleads.g.doubleclick.net https://docs.google.com https://maps.google.com https://www.google.com https://www.youtube.com https://player.vimeo.com https://*.facebook.com; block-all-mixed-content; frame-ancestors 'none'; report-uri https://ivydev.report-uri.io/r/default/csp/enforce |