Content-Security-Policy: default-src 'self' 'unsafe-eval' 'unsafe-inline' blob: data:  *.google.com *.google.de *.google.co.uk *.google.co.jp *.google.co.kr *.google.com.au *.google.it *.google.es *.google.fr *.google.nl *.google.se *.google.ru *.google.pl  quoteapi.ingenuitycloudservices.com quoteapi.thghosting.com access.ingenuitycloudservices.com access.thghosting.com api.ingenuitycloudservices.com api.thghosting.com login.ingenuitycloudservices.com login.vps.net login.thghosting.com login.fabrc.cloud stats.g.doubleclick.net *.google-analytics.com *.googletagmanager.com https://js.stripe.com ; connect-src 'self' ws:  *.google.com *.google.de *.google.co.uk *.google.co.jp *.google.co.kr *.google.com.au *.google.it *.google.es *.google.fr *.google.nl *.google.se *.google.ru *.google.pl  console.vps.net quoteapi.ingenuitycloudservices.com quoteapi.thghosting.com access.ingenuitycloudservices.com access.thghosting.com api.ingenuitycloudservices.com api.thghosting.com login.ingenuitycloudservices.com login.vps.net login.thghosting.com login.fabrc.cloud stats.g.doubleclick.net *.google-analytics.com *.googleadservices.com *.googletagmanager.com; img-src 'self' blob: data:  *.google.com *.google.de *.google.co.uk *.google.co.jp *.google.co.kr *.google.com.au *.google.it *.google.es *.google.fr *.google.nl *.google.se *.google.ru *.google.pl  *.google-analytics.com *.g.doubleclick.net *.googleadservices.com *.googletagmanager.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.google-analytics.com *.googletagmanager.com cdnjs.cloudflare.com https://js.stripe.com; style-src 'self' 'unsafe-inline'; font-src 'self' data:; frame-src 'self' *.fabrc.cloud https://js.stripe.com login.ingenuitycloudservices.com login.vps.net login.thghosting.com login.fabrc.cloud *.googletagmanager.com *.doubleclick.net; report-uri https://csp.thehut.net/thg https://thgcp.report-uri.com/r/d/csp/enforce; report-to default