Content-Security-Policy: default-src 'self';connect-src 'self' ws: https://*.google-analytics.com https://s3-eu-west-1.amazonaws.com;img-src 'self' https://*.gstatic.com https://*.googleapis.com https://*.ggpht.com/ data: https://*.google-analytics.com https://*.doubleclick.net https://s3.amazonaws.com;script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.googleapis.com https://js-agent.newrelic.com/nr-1044.min.js https://www.google.com https://www.gstatic.com https://*.google-analytics.com http://*.getclicky.com;style-src 'self' 'unsafe-inline' http://maxcdn.bootstrapcdn.com https://*.googleapis.com https://www.gstatic.com;font-src 'self' https://www.gstatic.com https://*.gstatic.com http://maxcdn.bootstrapcdn.com;frame-src 'self' https://www.google.com https://*.s3.amazonaws.com;report-uri /csp;