Content-Security-Policy-Report-Only: default-src 'self' https://connect.unless.com https://connect.unless.com http://localhost:3009;child-src 'self';connect-src 'self' https://*.google-analytics.com https://*.sentry.io https://connect.unless.com https://connect.unless.com wss://connect.unless.com/ http://localhost:3009 https://*.posthog.com ;font-src 'self' https://*.googleapis.com https://*.gstatic.com;frame-src 'self' https://accounts.google.com https://connect.unless.com https://connect.unless.com http://localhost:3009 https://www.youtube.com;img-src 'self' data: https://connect.unless.com https://connect.unless.com https://*.google-analytics.com https://*.googleapis.com https://*.posthog.com https://img.logo.dev https://*.ytimg.com;manifest-src 'self';media-src 'self';object-src 'self';script-src 'self' 'unsafe-eval' 'unsafe-inline' https://connect.unless.com https://connect.unless.com https://*.google-analytics.com https://*.googleapis.com https://apis.google.com https://*.posthog.com https://www.youtube.com ;style-src blob: 'self' 'unsafe-inline' https://*.googleapis.com https://connect.unless.com https://connect.unless.com;worker-src blob: 'self' https://connect.unless.com https://connect.unless.com https://*.googleapis.com https://*.posthog.com;base-uri 'self';form-action 'self';frame-ancestors 'self';script-src-attr 'none';upgrade-insecure-requests