Content-Security-Policy: default-src 'self' bam.nr-data.net app.mycompliancereport.com app.keysurvey.com static.ada.support rollout.ada.support ethico.ada.support; script-src 'self' 'unsafe-eval' 'unsafe-inline' www.googletagmanager.com js-agent.newrelic.com app.mycompliancereport.com static.ada.support; style-src 'self' 'unsafe-inline' app.mycompliancereport.com; img-src 'self' app.mycompliancereport.com data:; plugin-types application/pdf application/txt;