Content-Security-Policy: default-src 'self' blob: https: data: 'unsafe-eval' 'unsafe-inline' wss://*.pusher.com wss://*.on-aptible.com/ wss://*.gethealthie.com/ wss://*.tokbox.com/ wss://*.theoriginway.com apis.google.com www.googletagmanager.com www.google-analytics.com *.googleapis.com fonts.gstatic.com wss://*.zoom.us https://*.zoom.us *.theoriginway.com *.on-aptible.com *.stripe.com code.jquery.com *.launchdarkly.com *.helpscout.net *.mixpanel.com cdn.usefathom.com cdn.raygun.io *.trychameleon.com *.opentok.com cdn.tiny.cloud analytics.tiktok.com *.intercom.io cdn.amplitude.com www.clarity.ms *.pinimg.com cdn.heapanalytics.com bat.bing.com ct.pinterest.com connect.facebook.net cdn.jsdeliver.com js.intercomcdn.com js.userflow.com static.leaddyno.com use.fontawesome.com; img-src * blob: data:; frame-src 'self' https://*.theoriginway.com https: blob:; worker-src 'self' blob: data:; frame-ancestors 'self' https:; media-src 'self' http: https: blob: data:; report-uri https://report-to-api.raygun.com/reports?apikey=UZJFuGm8pxOvQrRGlh7CFw; report-to raygun;