Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-inline' https://vercel.live https://*.vercel-scripts.com https://checkout.airwallex.com https://*.airwallex.com https://applepay.cdn-apple.com https://*.google.com https://*.gstatic.com https://*.recaptcha.net https://pay.google.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://checkout.airwallex.com https://*.airwallex.com; img-src 'self' data: blob: https://chatgate.ai https://cdn.chatgate.ai https://uploads.chatgate.ai https://*.supabase.co https://checkout.airwallex.com https://*.airwallex.com https://*.gstatic.com https://*.google.com https://cdnjs.cloudflare.com; font-src 'self' data: https://fonts.gstatic.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com; connect-src 'self' https://*.supabase.co wss://*.supabase.co https://auth.chatgate.ai wss://auth.chatgate.ai https://agent.chatgate.ai wss://agent.chatgate.ai https://agent-preview.chatgate.ai wss://agent-preview.chatgate.ai https://api.openai.com https://api.anthropic.com https://openrouter.ai https://*.vercel-insights.com https://*.zohoapis.com https://api.airwallex.com https://api-demo.airwallex.com https://api.vercel.com https://checkout.airwallex.com https://*.airwallex.com https://*.google.com https://*.recaptcha.net https://*.gstatic.com https://*.sentry.io https://*.datadoghq.com https://*.browser-intake-datadoghq.com https://*.cloudflare.com https://*.cloudflareinsights.com https://*.icloud.com https://pay.google.com https://cloudflare-dns.com https://*.catche.co https://aroraprivacy.org https://featurastics.org https://cds.o4a.org; frame-src 'self' https://checkout.airwallex.com https://*.airwallex.com https://*.google.com https://*.recaptcha.net https://pay.google.com https://*.icloud.com; frame-ancestors 'none'; base-uri 'self'; form-action 'self'