Content-Security-Policy-Report-Only | default-src checkout.stripe.com https://checkout.stripe.com;script-src 'self' 'unsafe-eval' 'unsafe-inline' *.tawk.to *.optimizely.com *.mxpnl.com https://cdn.api.twitter.com *.googleapis.com *.adroll.com https://by.uservoice.com s3.amazonaws.com *.cloudfront.net share.yandex.ru www.googleadservices.com https://maps.googleapis.com widget.uservoice.com connect.facebook.net graph.facebook.com cdn.api.twitter.com share.yandex.net maps.googleapis.com https://maps.gstatic.com mts0.googleapis.com mts1.googleapis.com code.highcharts.com https://use.typekit.net https://checkout.stripe.com ;style-src 'self' 'unsafe-inline' *.icomoon.io *.googleapis.com *.typekit.net s3.amazonaws.com *.cloudfront.net;img-src *;connect-src 'self' wss://*.tawk.to *.tawk.to *.mixpanel.com *.optimizely.com pdlvimeocdn-a.akamaihd.net pdl.vimeocdn.com;font-src 'self' data: fonts.gstatic.com use.typekit.net *.cloudfront.net;object-src *;media-src 'self' *.tawk.to https://pdlvimeocdn-a.akamaihd.net https://player.vimeo.com https://pdl.vimeocdn.com;frame-src *.tawk.to;report-uri https://www.tryrobin.com/csp-reports |