Content-Security-Policy | default-src 'none';script-src 'self' 'unsafe-inline' 'unsafe-eval' *.google.com *.googleapis.com ajax.googleapis.com ajax.aspnetcdn.com cdnjs.cloudflare.com;style-src 'self' 'unsafe-inline' maxcdn.bootstrapcdn.com cdnjs.cloudflare.com *.google.com;img-src 'self' images.higheredgrowth.com *.google.com *.googleapis.com;frame-src 'self' *.google.com;font-src 'self' maxcdn.bootstrapcdn.com;connect-src 'self';form-action 'self' *.google.com;report-uri /WebResource.axd?cspReport=true |