Content-Security-Policy: default-src 'self' *.launchdarkly.com *.ada.support *.ada-dev.support *.ada-dev2.support *.ada-stage.support headway-widget.net browser-intake-datadoghq.com *.browser-intake-datadoghq.com *.ada.cx https://*.chameleon.io; connect-src 'unsafe-inline' *.posthog.com *.launchdarkly.com *.ada.support *.ada-dev.support *.ada-dev2.support *.ada-stage.support *.datadoghq.com datadog.com browser-intake-datadoghq.com *.browser-intake-datadoghq.com *.pusher.com wss://*.pusher.com sentry.io *.sentry.io *.okta.com *.vidyard.com *.ada.cx *.hubapi.com *.hscollectedforms.net *.hubspot.com https://*.chameleon.io; frame-src 'self' ada.cx *.ada.cx *.ada.support *.ada-dev.support *.ada-dev2.support *.ada-stage.support *.okta.com *.vidyard.com *.wistia.com https://fast.wistia.net https://headway-widget.net https://form.typeform.com https://app.svix.com https://*.chameleon.io https://www.youtube.com; base-uri 'self'; block-all-mixed-content; font-src 'self' https: data:; form-action 'self'; frame-ancestors 'self' *.ada.support; img-src 'self' https: data: https://*.chameleon.io blob:; media-src 'self' https: blob:; script-src 'unsafe-inline' *.launchdarkly.com *.ada.support *.ada-dev.support *.ada-dev2.support *.ada-stage.support blob: *.posthog.com *.headwayapp.co https://*.chameleon.io; script-src-attr 'none'; script-src-elem 'unsafe-inline' *.ada.cx *.ada.support *.ada-dev.support *.ada-dev2.support *.ada-stage.support *.posthog.com *.headwayapp.co *.storage.googleapis.com *.hs-scripts.com *.hs-banner.com *.hscollectedforms.net *.hs-analytics.net *.hscollectedforms.net *.hsadspixel.net *.hsleadflows.net *.hubspot.com https://*.chameleon.io; style-src 'self' https: 'unsafe-inline'; upgrade-insecure-requests; report-uri https://o38990.ingest.sentry.io/api/97224/security/?sentry_key=4e7b13b67aea4b12ada7bf728e8b3a7a;