Content-Security-Policy: default-src 'self' https:; media-src 'self' blob: data: https://storage.googleapis.com https://*.loom.com https://*.vimeo.com https://*.vimeocdn.com; connect-src 'self' https: data: www.loom.com https://checkout.stripe.com https://api.stripe.com https://maps.googleapis.com https://*.getbeamer.com https://*.birdie.so wss://*.birdie.so https://api.vimeo.com https://*.vimeo.com https://*.vimeocdn.com wss://collaboration.trainual.com/ws; font-src 'self' https: data: fonts.googleapis.com fonts.gstatic.com; img-src 'self' https: data: *; object-src 'none'; script-src 'self' https: 'unsafe-eval' 'unsafe-inline' *; style-src 'self' https: 'unsafe-inline'; frame-src 'self' https: data: *; frame-ancestors 'self' https: data: *; worker-src 'self' https: blob: