12
directives
Content-Security-Policy
Content-Security-Policy: block-all-mixed-content; default-src 'self' 'unsafe-inline' *.easyship.com *.jsdelivr.net fonts.googleapis.com fonts.ub-assets.com blob: builder-assets.unbounce.com *.website-files.com *.doubleclick.net app.hubspot.com player.vimeo.com *.hotjar.com *.google.com *.google.com.af *.google.com.ag *.google.com.ar *.google.com.au *.google.com.bd *.google.com.bh *.google.com.bn *.google.com.bo *.google.com.br *.google.com.bz *.google.com.co *.google.com.cu *.google.com.cy *.google.com.do *.google.com.ec *.google.com.eg *.google.com.et *.google.com.fj *.google.com.gh *.google.com.gi *.google.com.gt *.google.com.hk *.google.com.jm *.google.com.kh *.google.com.kw *.google.com.lb *.google.com.ly *.google.com.mm *.google.com.mt *.google.com.mx *.google.com.my *.google.com.na *.google.com.ng *.google.com.ni *.google.com.np *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.com.pr *.google.com.py *.google.com.qa *.google.com.sa *.google.com.sb *.google.com.sg *.google.com.sl *.google.com.sv *.google.com.tj *.google.com.tr *.google.com.tw *.google.com.ua *.google.com.uy *.google.com.vc *.google.com.vn *.google.co.ao *.google.co.bw *.google.co.ck *.google.co.cr *.google.co.id *.google.co.il *.google.co.in *.google.co.jp *.google.co.ke *.google.co.kr *.google.co.ls *.google.co.ma *.google.co.mz *.google.co.nz *.google.co.th *.google.co.tz *.google.co.ug *.google.co.uk *.google.co.uz *.google.co.ve *.google.co.vi *.google.co.za *.google.co.zm *.google.co.zw *.google.be *.google.fr *.google.ca *.google.de *.google.es *.google.be *.google.it *.google.ie; form-action 'self' *.hsforms.com www.facebook.com; frame-src 'self' *.hsforms.com www.facebook.com *.vimeo.com td.doubleclick.net *.cloudflare.com app.hubspot.com *.google.com *.youtube.com *.spotify.com; frame-ancestors 'self' *.easyship.com *.rainfactory.com; object-src 'none'; style-src-elem 'self' 'unsafe-inline' fonts.googleapis.com fonts.ub-assets.com 
*.website-files.com *.hotjar.com *.jsdelivr.net; font-src 'self' data: fonts.gstatic.com fonts.ub-assets.com *.website-files.com *.easyship.com *.hotjar.com; connect-src *.vimeocdn.com 'self' boards-api.greenhouse.io *.website-files.com *.linkedin.com *.easyship.com cdn-cookieyes.com *.clarity.ms *.cookieyes.com *.google.com *.hubspot.com *.google-analytics.com stats.g.doubleclick.net sentry.io *.hotjar.com *.hotjar.io wss://*.hotjar.com cdn.plyr.io *.ipify.org *.hsforms.com secure.intelligent-company-365.com www.googletagmanager.com *.cloudflare.com *.cloudflareinsights.com; img-src 'self' *.easyship.com data: *.hsforms.com *.cloudfront.net *.website-files.com cdn-cookieyes.com *.clarity.ms *.bing.com *.google.com *.linkedin.com *.hubspot.com *.intelligent-company-365.com *.facebook.com *.facebook.net easyship.ghost.io *.googletagmanager.com *.google-analytics.com *.googleusercontent.com *.vimeocdn.com *.hotjar.com s3.amazonaws.com uploads-ssl.webflow.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.vimeocdn.com *.gstatic.com *.vimeo.com js.hsforms.net *.ubembed.com js.hubspot.com blob: *.easyship.com builder-assets.unbounce.com *.website-files.com ajax.googleapis.com *.cloudfront.net cdn-cookieyes.com *.ads-twitter.com *.bing.com *.clarity.ms *.cloudflare.com *.cloudflareinsights.com *.facebook.net *.google.com *.google-analytics.com *.googletagmanager.com *.gstatic.com *.hotjar.com *.hs-analytics.net *.hs-banner.com *.hs-scripts.com *.hsleadflows.net *.impactradius-event.com *.jsdelivr.net *.licdn.com *.twitter.com *.usemessages.com *.vimeo.com *.intelligent-company-365.com *.sentry-cdn.com cdn.plyr.io; upgrade-insecure-requests;
block-all-mixed-content
Source
—
(no sources)
default-src
Keyword
—
'self'
default-src
Keyword
—
'unsafe-inline'
default-src
Scheme
—
blob:
default-src
Host
—
default-src
Host
—
default-src
Host
—
default-src
Host
—
default-src
Host
—
default-src
Host
—
form-action
Keyword
—
'self'
frame-src
Keyword
—
'self'
frame-ancestors
Keyword
—
'self'
object-src
Keyword
—
'none'
style-src-elem
Keyword
—
'self'
style-src-elem
Keyword
—
'unsafe-inline'
font-src
Keyword
—
'self'
font-src
Scheme
—
data:
connect-src
Keyword
—
'self'
img-src
Keyword
—
'self'
img-src
Scheme
—
data:
img-src
Host
—
script-src
Keyword
—
'self'
script-src
Keyword
—
'unsafe-eval'
script-src
Keyword
—
'unsafe-inline'
script-src
Host
—
script-src
Scheme
—
blob:
script-src
Host
—
upgrade-insecure-requests
Source
—
(no sources)
Content-Security-Policy-Report-Only
No report-only CSP headers found.