Content-Security-Policy: script-src 'self' 'unsafe-inline' blob: https://*.google-analytics.com https://*.mavenwidgets.net https://*.onmaven.app https://*.osano.com https://apis.google.com https://cdn.heapanalytics.com https://cdn.plaid.com https://chat.onmaven.app https://heapanalytics.com https://js.stripe.com https://stonly.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com; script-src-elem 'self' 'unsafe-inline' blob: https://*.google-analytics.com https://*.mavenwidgets.net https://*.onmaven.app https://*.osano.com https://apis.google.com https://cdn.heapanalytics.com https://cdn.plaid.com https://chat.onmaven.app https://heapanalytics.com https://js.stripe.com https://stonly.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com; default-src 'self' 'unsafe-inline' blob: data: https://*.google-analytics.com https://*.googleapis.com https://*.mavenwidgets.net https://*.onmaven.app https://*.osano.com https://cdn.plaid.com https://js.stripe.com https://www.google.com https://www.googletagmanager.com https://us-central1-scratch-borrower-portal.cloudfunctions.net https://o69629.ingest.sentry.io; object-src 'none'; worker-src 'self' blob:; manifest-src 'self'; report-to csp-endpoint; report-uri https://o69629.ingest.us.sentry.io/api/1530307/security/?sentry_key=ebd8037fcabf4aa79e6654e4d0184453&sentry_environment=production