Content-Security-Policy | default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.stripe.com http://*.googleapis.com https://*.googleapis.com http://*.gstatic.com https://*.gstatic.com; frame-src 'self' https://*.stripe.com https://clef.io https://*.google.com; img-src 'self' data: https://*.stripe.com http://*.googleapis.com https://*.googleapis.com http://*.gstatic.com https://*.gstatic.com fbcdn-profile-a.akamaihd.net *.twimg.com *.googleusercontent.com *.xingassets.com vk.com *.yimg.com secure.gravatar.com; style-src 'self' 'unsafe-inline' https://*.stripe.com http://*.googleapis.com https://*.googleapis.com http://*.gstatic.com https://*.gstatic.com hello.myfonts.net cdnjs.cloudflare.com maxcdn.bootstrapcdn.com cdn.jsdelivr.net fonts.googleapis.com; font-src 'self' https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com data:; connect-src 'self' https://*.stripe.com twitter.com *.xing.com |