Content-Security-Policy: frame-ancestors 'self'; default-src 'self'; script-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net https://www.googletagmanager.com https://www.google-analytics.com https://static.cloudflareinsights.com https://static.riff.new; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdn.jsdelivr.net; font-src 'self' https://fonts.gstatic.com https://cdn.jsdelivr.net; img-src 'self' data: https: blob:; connect-src 'self' https://*.claimfinder.com https://*.claimsplus.com.au https://*.classactions.com.au https://claims.au https://*.claims.au https://admin.claimfinder.com https://www.google-analytics.com https://analytics.google.com https://www.google.com https://cloudflareinsights.com https://static.riff.new https://*.g.doubleclick.net https://stats.g.doubleclick.net https://www.googletagmanager.com https://region1.google-analytics.com; frame-src 'none'; object-src 'none'; base-uri 'self';