Content-Security-Policy: default-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.jquery.com *.twitter.com cdn.syndication.twimg.com *.google-analytics.com *.google.com *.gstatic.com *.googleapis.com *.jsdelivr.net *.cqg.com *.amazonaws.com *.zdassets.com *.zopim.com *.ckeditor.com *.wistia.com api.smooch.io *.googletagmanager.com *.recaptcha.net wasm-eval js.sentry-cdn.com; object-src 'self'; style-src 'self' 'unsafe-inline' *.twitter.com *.jsdelivr.net *.mailchimp.com *.twimg.com *.googleapis.com *.ckeditor.com *.gstatic.com *.zendesk.com *.googletagmanager.com *.recaptcha.net; img-src 'self' *.google.com *.google-analytics.com *.googletagmanager.com *.twitter.com *.twimg.com data: *.zopim.io *.gstatic.com *.googleapis.com *.ckeditor.com *.wistia.com embedwistia-a.akamaihd.net api.smooch.io *.zendesk.com; media-src 'self' *.zdassets.com blob: data; frame-src 'self' *.twitter.com *.youtube.com *.google.com *.cqg.com *.recaptcha.net *.googletagmanager.com *.doubleclick.net webfacet.cqg.com; frame-ancestors 'self'; child-src 'self' blob:; font-src 'self' embedwistia-a.akamaihd.net *.github.com *.gstatic.com data:; connect-src wss: 'self' www.google.co.in region1.analytics.google.com *.google.com *.google-analytics.com stats.g.doubleclick.net *.cqg.com *.zdassets.com *.zendesk.com widget-mediator.zopim.com  *.wistia.com *.litix.io embedwistia-a.akamaihd.net api.smooch.io *.googlesyndication.com; report-uri /report-csp-violation; upgrade-insecure-requests