Content-Security-Policy: default-src 'self'; script-src 'self' 'strict-dynamic'; style-src 'self' 'unsafe-inline' https://dashboard.staging.elivelihood.com; img-src 'self' blob: data: https://dashboard.staging.elivelihood.com https://storage.googleapis.com/download/storage/v1/b/elivelihood-avatars/ https://storage.googleapis.com/elivelihood-media/ https://storage.googleapis.com/elivelihood-media-dev/ https://i.vimeocdn.com; font-src 'self' data: https://dashboard.staging.elivelihood.com; connect-src 'self' https://*.firebaseio.com https://*.google.com https://*.googleapis.com https://api.staging.elivelihood.com wss://api.staging.elivelihood.com https://i.vimeocdn.com; frame-src https://js.stripe.com https://player.vimeo.com https://coverright.com https://sso.coverrightmedicare.com https://accounts.google.com; object-src 'none'; base-uri 'self'; form-action 'self'; script-src-elem 'self' https://js.stripe.com https://accounts.google.com/gsi/client https://www.gstatic.com/firebasejs/