Content-Security-Policy: default-src https: 'unsafe-inline' 'unsafe-eval' 'self'; img-src https: data: 'self' https://media.clipchamp.com https://content.clipchamp.com https://www.google.com.au https://get.microsoft.com; media-src https: data: 'self' https://media.clipchamp.com https://content.clipchamp.com; font-src https: data: 'self'; worker-src 'none'; script-src 'self' 'unsafe-inline' https://wcpstatic.microsoft.com https://www.instagram.com https://www.tiktok.com https://sf16-website-login.neutral.ttwstatic.com https://bat.bing.com https://www.clarity.ms; style-src 'self' 'unsafe-inline' https://sf16-website-login.neutral.ttwstatic.com; manifest-src 'self' https://login.microsoftonline.com; connect-src 'self' https://app.clipchamp.com https://content-repo.clipchamp.com https://browser.events.data.microsoft.com https://api.ipify.org https://consentreceiverfd-prod.azurefd.net/v1/consent https://bat.bing.net https://bat.bing.com https://*.clarity.ms https://config.edge.skype.com; object-src 'none'; base-uri 'none'; form-action 'none'; frame-src https://www.tiktok.com https://www.instagram.com https://www.youtube.com https://get.microsoft.com; frame-ancestors https://app.contentful.com; upgrade-insecure-requests; report-to csp-reporting-endpoint;