Content-Security-Policy-Report-Only: default-src 'self' static.eu.contentful.com; connect-src 'self' https: wss: blob: https://realtime.eu.contentful.com wss://realtime.eu.contentful.com https://cdn.userflow.com https://e.userflow.com https://js.userflow.com wss://e.userflow.com; worker-src 'self' data: blob:; child-src 'self' blob:; style-src 'self' 'unsafe-inline' https://static.eu.contentful.com fonts.googleapis.com static.filestackapi.com https://static.fs.contentful.com https://cdn.embedly.com https://platform.iteratehq.com https://cdn.userflow.com https://js.userflow.com; script-src 'self' 'unsafe-eval' https://sgmnt-cdn.flinkly.com/ https://sgmnt-cdn.ctfassets.net  https://static.eu.contentful.com https://cdn.segment.com https://widget.intercom.io https://cmp.osano.com https://munchkin.marketo.net https://platform.iteratehq.com https://static.zuora.com static.filestackapi.com https://static.fs.contentful.com cdn.embedly.com https://*.googleapis.com https://js.intercomcdn.com https://cdn.userflow.com https://js.userflow.com; img-src 'self' https: data: blob: https://blob.userflow.com https://cdn.userflow.com https://js.userflow.com https://storage.googleapis.com/studio1-prod-blob/; frame-src https: http:; object-src 'none'; font-src 'self' https://fonts.gstatic.com https://cdn.embedly.com https://cdn.f36.contentful.com; media-src blob: data: https://blob.userflow.com https://cdn.userflow.com https://storage.googleapis.com/studio1-prod-blob/; report-uri https://o2239.ingest.sentry.io/api/8049/security/?sentry_key=d7f94d499ede45c08126413ec4f09b29&sentry_environment=production;