Content-Security-Policy: default-src 'self' *.bdimg.com; worker-src 'self' blob: data:; script-src 'self' qrc: 'nonce-NzgxY2FmZGMtYzRhMS00Nzg4LThlMDMtYzJmYmIwMDM3ZmJk' 'strict-dynamic' 'unsafe-eval' www.youtube.com *.googletagmanager.com googletagmanager.com tagmanager.google.com http://static.geevisit.com https://gcaptcha4.geetest.com https://gcaptcha4.geetest.com https://static.geetest.com maps.googleapis.com https://*.hotjar.com https://*.clarity.ms https://c.bing.com 'unsafe-inline' api.map.baidu.com dlswbr.baidu.com *.bdimg.com mapopen-pub-jsapi.cdn.bcebos.com; style-src 'self' 'unsafe-inline' fonts.googlefonts.cn fonts.googleapis.com *.googletagmanager.com googletagmanager.com tagmanager.google.com https://static.geetest.com https://static.geevisit.com *.bblmw.cn api.map.baidu.com; img-src 'self' blob: data: https: https://*.hotjar.com *.baidu.com *.bdimg.com *.map.baidu.com; font-src 'self' blob: data: fonts.gstatic.com fonts.gstatic.googlefonts.cn https://*.hotjar.com *.bblmw.com *.bblmw.cn https://consent.trustarc.com; media-src 'self' *.bambulab.cn *.bambulab.com *.bblmw.cn *.bblmw.com; connect-src 'self' https: https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com data: *.baidu.com *.bdimg.com *.map.baidu.com ; frame-src www.youtube-nocookie.com www.facebook.com www.youtube.com www.bilibili.com space.bilibili.com player.bilibili.com https://td.doubleclick.net https://www.googletagmanager.com https://consent-pref.trustarc.com; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'none'; block-all-mixed-content;