Content-Security-Policy: base-uri 'self'; report-uri https://csp-logging.m-operations.com/cspheaders; frame-ancestors 'self' constantcontact.com *.constantcontact.com constantcontact.my.site.com constantcontact.my.salesforce-scrt.com; script-src 'unsafe-inline' 'unsafe-eval' 'self' constantcontact.com *.constantcontact.com constantcontact.my.site.com constantcontact.my.salesforce-scrt.com *.moosend.com *.moostaging.com cdn.transifex.com cdn.segment.com *.adroll.com fast.appcues.com widget.intercom.io www.google-analytics.com app.satismeter.com js.intercomcdn.com ajax.googleapis.com cdn.tiny.cloud social.uploadcare.com js.braintreegateway.com assets.braintreegateway.com www.paypalobjects.com *.paypal.com pay.google.com songbird.cardinalcommerce.com songbirdstag.cardinalcommerce.com *.paypal.com kit.fontawesome.com storage.googleapis.com js.pusher.com labs.pathfix.com connect.facebook.net sitecoredelivr.sitecorecloud.io portal-staging.sitecore-staging.cloud portal.sitecorecloud.io *.highcharts.com; object-src 'none';