Content-Security-Policy: default-src 'self' https://featureassets.org https://cloudflare-dns.com https://statsigapi.net https://prodregistryv2.org https://api.statsig.com https://featuregates.org https://events.statsigapi.net https://api.statsigcdn.com https://assetsconfigcdn.org https://beyondwickedmapping.org https://*.prioritycommerce.com https://www.googletagmanager.com https://*.prioritypaymentsystems.com https://*.mxconnect.com wss://*.mxconnect.com https://*.mxmerchant.com https://*.duosecurity.com https://*.google-analytics.com https://*.googleapis.com https://*.gstatic.com https://www.youtube.com https://*.ytimg.com https://*.cloudfront.net https://web.delighted.com https://delighted.com https://o970791.ingest.us.sentry.io wss://ws.pusherapp.com 'unsafe-inline' 'unsafe-eval' data:; object-src 'none';