Content-Security-Policy: default-src 'self' data: blob: https://*.bamboohr.com https://*.bamboohr.co.uk *.cloudfront.net staticfe.bamboohr.com staticfe.bamboohr.net https://*.browser-intake-datadoghq.com https://browser-intake-datadoghq.com https://*.facebook.com https://*.linkedin.com https://*.segment.io https://*.small-improvements.com https://api.rollbar.com https://bam.nr-data.net https://connect.facebook.net *.algolianet.com *.algolia.net embedwistia-a.akamaihd.net app.pendo.io cdn.pendo.io pendo-io-extensions.storage.googleapis.com pendo-static-5734959405072384.storage.googleapis.com https://*.wistia.com https://*.wistia.net https://fonts.googleapis.com https://fonts.gstatic.com https://www.google-analytics.com https://payments.subscriptionplatform.com https://s-static.ak.facebook.com themes.googleusercontent.com https://wufoo.com https://*.wufoo.com https://www.google.com https://tagmanager.google.com https://bamboohr.formstack.com https://static.formstack.com https://storage.googleapis.com/code.snapengage.com/ https://www.snapengage.com https://cdn.plaid.com https://*.zuora.com https://*.pusher.com https://*.sfdcstatic.com https://*.salesforce.com https://*.salesforceliveagent.com https://adobedc.demdex.net https://edge.adobedc.net https://assets.adobedtm.com https://graphql.seek.com/graphql https://*.force.com https://*.site.com wss://*.pusher.com https://*.checkr.com https://accounts.google.com https://login.microsoftonline.com https://*.typeform.com https://app.cronofy.com https://cdn.merge.dev https://*.embed-omniapp.co https://app.everafter.ai perimeterx.net *.px-cdn.net *.px-cloud.net *.pxchk.net *.px-client.net *.g2.com https://gateway.remote-sandbox.com https://*.salesforce-scrt.com https://*.easyllama.com maps.googleapis.com 'unsafe-inline' 'unsafe-eval' https://filesapi-prod-euw1-89e104dd.s3.eu-west-1.amazonaws.com https://*.leandata.com https://gateway.remote.com https://bhr-corp-prod-quote-tool.s3.us-west-2.amazonaws.com https://sdk.clairpay.io https://proxy.clairpay.io https://cdn.getclair.com ; script-src 'self' *.bamboohr.com *.bamboohr.co.uk data: blob: about https://*.bamboohr.com https://cdn.api.twitter.com https://connect.facebook.net https://bam.nr-data.net *.cloudfront.net staticfe.bamboohr.com staticfe.bamboohr.net https://accounts.google.com https://login.microsoftonline.com *.newrelic.com http://*.newrelic.com https://fast.wistia.net https://fast.wistia.com get.bamboohr.com *.algolianet.com *.algolia.net app.pendo.io pendo-io-static.storage.googleapis.com cdn.pendo.io pendo-static-5734959405072384.storage.googleapis.com https://pi.pardot.com https://www.my1login.com https://app.onelogin.com ajax.googleapis.com https://ssl.google-analytics.com https://www.googletagmanager.com https://tagmanager.google.com https://www.google-analytics.com https://www.google.com https://s3.amazonaws.com https://cdnjs.cloudflare.com https://wufoo.com https://*.wufoo.com https://*.linkedin.com https://bat.bing.com/bat.js https://www.googleadservices.com/pagead/conversion_async.js https://s.adroll.com/j/roundtrip.js https://*.segment.com https://*.segment.io https://bamboohr.formstack.com https://static.formstack.com https://storage.googleapis.com/code.snapengage.com/ https://www.snapengage.com https://cdn.plaid.com https://*.zuora.com https://adobedc.demdex.net https://edge.adobedc.net https://assets.adobedtm.com https://*.pusher.com wss://*.pusher.com https://*.sfdcstatic.com https://*.salesforce.com https://*.salesforceliveagent.com https://*.force.com https://*.site.com https://*.checkr.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.recaptcha.net/recaptcha/ https://*.typeform.com https://app.cronofy.com perimeterx.net *.px-cdn.net *.px-cloud.net *.pxchk.net *.px-client.net https://*.salesforce-scrt.com maps.googleapis.com https://cdn.merge.dev 'unsafe-inline' 'unsafe-eval' https://*.leandata.com ; img-src * data: blob: ; worker-src 'self' data: blob: ; report-uri /ajax/log_csp.php /ajax/parse_csp_report.php