Content-Security-Policy: script-src 'unsafe-eval' 'unsafe-inline' 'self'   *.lfeeder.com *.claydar.com *.openai.com chatgpt.com *.donal-tobin.workers.dev *.immagnify.com www.google.com www.gstatic.com *.upvert.io *.upvertcdn.io *.liadm.com *.usbrowserspeed.com *.getwarmly.com *.datashopper.com *.hubspot.com *.sentry-cdn.com *.cloudflare.com *.googleapis.com *.apollo.io *.redditstatic.com *.gstatic.com *.wistia.com *.termly.io *.unifyintent.com *.calendly.com *.adroll.com *.whattime.co.kr *.amazonaws.com *.referralcandy.com *.doubleclick.net *.clearbitscripts.com *.arcade.software *.clarity.ms *.clearbitjs.com *.capterra.com *.facebook.net *.googletagmanager.com *.hs-scripts.com *.licdn.com *.woopra.com *.ads-twitter.com *.youtube.com *.hotjar.com *.hsforms.net *.hs-analytics.net *.hs-banner.com *.hsadspixel.net *.hscollectedforms.net *.bing.com *.google-analytics.com *.g2crowd.com *.autopilothq.com *.mxpnl.com *.chilipiper.com *.googleadservices.com *.clickcease.com *.intercomcdn.com  *.intercom.io *.visualwebsiteoptimizer.com app.vwo.com cdn.pushcrew.com; worker-src 'self' blob:; frame-src www.google.com www.gstatic.com app.vwo.com whattime.co.kr calendly.com *.liadm.com *.adroll.com *.doubleclick.net *.youtube.com *.facebook.com *.hsforms.com *.chilipiper.com *.arcade.software *.googletagmanager.com *.visualwebsiteoptimizer.com; default-src https: wss: data: 'unsafe-inline' ; object-src 'none'; frame-ancestors 'none' ; media-src 'self' blob: https: