10 directives
Content-Security-Policy
Content-Security-Policy: default-src 'self' 'unsafe-inline' https://cord.com https://cord.co https://*.cord.com https://*.co-hire.com https://cohire-image-bucket-2.s3.us-west-2.amazonaws.com https://cord-image-bucket.s3.eu-west-1.amazonaws.com https://cohire-image-bucket-2.s3.amazonaws.com https://cord-image-bucket.s3.amazonaws.com https://assets.co-hire.com https://assets.cord.co wss://ws3.hotjar.com https://player.vimeo.com/ https://*.stripe.com https://www.youtube.com/ https://*.hotjar.com https://*.hotjar.io wss://ws9.hotjar.com wss://ws-eu.pusher.com https://sockjs-eu.pusher.com; script-src 'self' https://www.datadoghq-browser-agent.com https://www.helpkit.so/widget/script.js https://www.youtube.com https://embed.typeform.com https://static.hotjar.com https://script.hotjar.com 'unsafe-inline' https://cord.com https://cord.co https://*.cord.co https://*.co-hire.com https://assets.co-hire.com https://assets.cord.co https://www.googleoptimize.com https://optimize.google.com https://js.stripe.com https://*.stripe.com https://s.ytimg.com www.google-analytics.com https://maps.googleapis.com https://places.googleapis.com www.googleapis.com https://snap.licdn.com https://*.google.com https://*.pusher.com https://www.googletagmanager.com https://cohire-public-bucket-1.s3-eu-west-1.amazonaws.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://stats.g.doubleclick.net https://bat.bing.com https://js.hs-scripts.com https://*.hsadspixel.net https://*.hs-banner.com https://*.hs-analytics.net https://*.usemessages.com https://cal.com https://*.cal.com https://cord.cal.com; img-src * https://*.google-analytics.com https://*.analytics.google.com https://*.hubspot.com data:; media-src * https://cohire-image-bucket-2.s3.amazonaws.com https://cord-image-bucket.s3.amazonaws.com; style-src * https://fonts.googleapis.com https://embed.typeform.com 'unsafe-inline'; frame-src 'self' https://open.spotify.com https://*.cord.co https://cordpeople.helpkit.so 
https://cordsupport.helpkit.so form.typeform.com https://giphy.com https://*.hotjar.com/ https://optimize.google.com https://*.youtube.com/ https://youtube.com/ https://player.vimeo.com/ https://*.doubleclick.net/ https://www.loom.com https://app.mode.com https://js.stripe.com/ https://visualize.graphy.app/ https://meetings.hubspot.com/ https://*.hubspot.com https://cal.com https://*.cal.com https://cord.cal.com; connect-src 'self' https://cord.co https://*.cord.co https://helpkit-strapi-production.onrender.com/projects/cordsupport https://helpkit-strapi-production.onrender.com/projects/cordpeople https://*.bugsnag.com/ wss://ws1.hotjar.com wss://*.hotjar.com https://*.hotjar.com https://www.google-analytics.com https://*.google-analytics.com https://analytics.google.com https://*.analytics.google.com https://*.pusher.com wss://ws-eu.pusher.com/ https://*.hotjar.io https://*.clearbit.com https://cohire-image-bucket-2.s3.us-west-2.amazonaws.com https://cord-image-bucket.s3.eu-west-1.amazonaws.com https://assets.co-hire.com https://assets.cord.co https://cord-insights-library.cdn.prismic.io https://cord-hiring-resources.cdn.prismic.io https://maps.googleapis.com https://places.googleapis.com https://stats.g.doubleclick.net https://fonts.googleapis.com www.googletagmanager.com https://*.browser-intake-datadoghq.eu https://*.hubapi.com https://*.hubspot.com https://*.hs-banner.com https://cal.com https://*.cal.com https://cord.cal.com; font-src 'self' https://fonts.gstatic.com https://use.typekit.net https://assets.co-hire.com https://assets.cord.co https://script.hotjar.com data:; object-src 'none'; worker-src 'self' blob:;
default-src | Keyword | — | 'self'
default-src | Keyword | — | 'unsafe-inline'
script-src | Keyword | — | 'self'
script-src | Keyword | — | 'unsafe-inline'
img-src | Host | — | *
img-src | Scheme | — | data:
media-src | Host | — | *
style-src | Host | — | *
style-src | Keyword | — | 'unsafe-inline'
frame-src | Keyword | — | 'self'
connect-src | Keyword | — | 'self'
font-src | Keyword | — | 'self'
font-src | Scheme | — | data:
object-src | Keyword | — | 'none'
worker-src | Keyword | — | 'self'
worker-src | Scheme | — | blob:
Content-Security-Policy-Report-Only
No report-only CSP headers found.