Content-Security-Policy: upgrade-insecure-requests; default-src 'self'; connect-src 'self' *.piano.io *.tinypass.com www.googletagmanager.com www.google.com *.google-analytics.com *.analytics.google.com *.doubleclick.net cdn.ampproject.org *.googlesyndication.com adservice.google.com *.ampproject.net *.linkedin.com cdn.linkedin.oribi.io forms.hubspot.com forms.hscollectedforms.net api.hubapi.com js.hs-banner.com *.hubspot.com static.hsappstatic.net *.scriptintel.io; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.thecyberwire.com *.piano.io *.tinypass.com www.npttech.com www.google.com www.googletagmanager.com *.google-analytics.com *.doubleclick.net code.jquery.com pay.gocardless.com cdn.ampproject.org snap.licdn.com js.hs-scripts.com js.hscollectedforms.net js.hs-analytics.net js.hs-banner.com js.hsadspixel.net js.hsleadflows.net *.hubspot.com *.scriptintel.io *.usbrowserspeed.com; frame-src 'self' *.piano.io *.tinypass.com *.megaphone.fm *.vimeo.com *.youtube.com cyberwire.wufoo.com *.doubleclick.net www.googletagmanager.com *.hs-sites.com *.scriptintel.io; style-src 'self' 'unsafe-inline' fonts.googleapis.com translate.googleapis.com; font-src 'self' data: fonts.gstatic.com; img-src 'self' data: https: blob:; media-src 'self'; form-action 'self'; frame-ancestors 'self'; object-src 'none'; base-uri 'self'; report-uri /csp/report