Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.bunq.com *.visualwebsiteoptimizer.com *.thisgreencolumn.com *.googletagmanager.com *.google-analytics.com *.analytics.google.com *.googlesyndication.com *.doubleclick.net *.google.com framerusercontent.com framer.com *.framer.com *.framerstatic.com *.framerforms.com *.taboola.com *.licdn.com *.redditstatic.com *.ads-twitter.com analytics.tiktok.com sc-static.net *.facebook.net *.snapchat.com *.contentsquare.net *.contentsquare.com www.youtube.com s.ytimg.com; style-src 'self' 'unsafe-inline' *.bunq.com *.googleapis.com framerusercontent.com; img-src 'self' data: blob: *.bunq.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.googlesyndication.com *.doubleclick.net *.google.com *.googleadservices.com *.google.nl *.visualwebsiteoptimizer.com *.thisgreencolumn.com framerusercontent.com *.adjust.com *.ads.linkedin.com *.reddit.com t.co analytics.twitter.com *.facebook.com *.contentsquare.net i.ytimg.com; font-src 'self' data: *.gstatic.com framerusercontent.com; media-src 'self' *.bunq.com http://*.bunq.com framerusercontent.com; connect-src 'self' *.bunq.com *.s3.amazonaws.com *.adjust.com *.visualwebsiteoptimizer.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.googlesyndication.com *.doubleclick.net *.google.com *.googleadservices.com *.thisgreencolumn.com *.framer.com *.framerstatic.com framerusercontent.com *.framerforms.com *.instatus.com *.reddit.com *.taboola.com *.ads.linkedin.com *.snapchat.com *.tiktokw.us analytics.tiktok.com *.facebook.com *.contentsquare.net *.contentsquare.com *.az.contentsquare.net; frame-src 'self' *.googletagmanager.com framer.com *.bunq.com *.snapchat.com *.contentsquare.com www.youtube.com www.youtube-nocookie.com; worker-src 'self' blob:; object-src 'none'; base-uri 'self'; form-action 'self'; frame-ancestors 'none'; upgrade-insecure-requests;