| Content-Security-Policy | script-src 'unsafe-inline' 'self' https://ajax.googleapis.com http://clients1.google.com https://apis.google.com https://maxcdn.bootstrapcdn.com http://dpua31b8kol8m.cloudfront.net http://heatmap.onesearch.org http://akdapi.com http://pkc.akdapi.com http://cdn.inspectlet.com/ http://dailyverses.net http://connect.facebook.net https://www.google-analytics.com/ https://staticxx.facebook.com http://staticxx.facebook.com http://js-agent.newrelic.com https://widget.surveymonkey.com http://widget.surveymonkey.com https://surveymonkey.com http://bcg.coupons.com http://feeds.feedburner.com http://ajax.googleapis.com https://code.jquery.com http://w.sharethis.com http://edge.sharethis.com http://seg.sharethis.com http://platform.twitter.com https://twitter.com https://usher.ttvnw.net http://momentjs.com http://underscorejs.org 'unsafe-eval'; child-src https://staticxx.facebook.com http://staticxx.facebook.com https://widget.surveymonkey.com http://widget.surveymonkey.com https://www.surveymonkey.com http://www.surveymonkey.com https://surveymonkey.com http://surveymonkey.com http://bcg.coupons.com https://docs.google.com http://feeds.feedburner.com https://www.facebook.com https://www.youtube.com http://cbsprt.co http://www.cbssports.com http://w.sharethis.com http://edge.sharethis.com http://seg.sharethis.com http://platform.twitter.com https://player.twitch.tv http://player.twitch.tv https://usher.ttvnw.net; report-uri /home/test |