Cached
·
17h ago
16
directives
Content-Security-Policy
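No enforced Content-Security-Policy header was found. The only policy present is the report-only one below, which browsers evaluate and report violations for but do not enforce.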
Content-Security-Policy-Report-Only
Content-Security-Policy-Report-Only: default-src 'self' static.upfeel.com ; script-src 'unsafe-inline' 'unsafe-eval' static.upfeel.com apis.google.com player.vimeo.com www.youtube.com www.google-analytics.com www.googletagmanager.com static.hsappstatic.net snap.licdn.com *.hotjar.com googleads.g.doubleclick.net ; script-src-elem 'unsafe-inline' static.upfeel.com *.axept.io player.vimeo.com www.youtube.com www.gstatic.com static.hsappstatic.net js.hs-scripts.com js.usemessages.com js.hsadspixel.net js.hs-analytics.net js.hscollectedforms.net js.hs-banner.com apis.google.com www.google-analytics.com www.googletagmanager.com googleads.g.doubleclick.net snap.licdn.com *.hotjar.com ; script-src-attr 'unsafe-inline' ; style-src 'unsafe-inline' ; style-src-elem 'unsafe-inline' ; style-src-attr 'unsafe-inline' ; img-src 'self' data: https: ; font-src static.upfeel.com data: ; connect-src *.upfeel.com *.staging.upfeel.io *.axept.io cdn.plyr.io noembed.com *.ingest.sentry.io *.google-analytics.com *.googleapis.com *.google.com *.google.fr *.googlesyndication.com cdn.linkedin.oribi.io *.hotjar.io *.hotjar.com wss://*.hotjar.com stats.g.doubleclick.net *.hubspot.com *.hubapi.com *.hscollectedforms.net *.hsforms.com ; object-src 'none' ; frame-src auth.upfeel.com form.typeform.com player.vimeo.com www.youtube.com meetings.hubspot.com vars.hotjar.com app.hubspot.com td.doubleclick.net ; frame-ancestors https://backoffice.staging.upfeel.io https://backoffice.prod.upfeel.io ; form-action 'none' ; block-all-mixed-content ; report-uri https://o940045.ingest.us.sentry.io/api/5960454/csp-report/?sentry_key=8f9c3dc751964853bc3de698fb82014e ;
default-src
Keyword
—
'self'
script-src
Keyword
—
'unsafe-inline'
script-src
Keyword
—
'unsafe-eval'
script-src-elem
Keyword
—
'unsafe-inline'
script-src-attr
Keyword
—
'unsafe-inline'
style-src
Keyword
—
'unsafe-inline'
style-src-elem
Keyword
—
'unsafe-inline'
style-src-attr
Keyword
—
'unsafe-inline'
img-src
Keyword
—
'self'
img-src
Scheme
—
data:
img-src
Scheme
—
https:
font-src
Scheme
—
data:
connect-src
Host
—
connect-src
Host
—
connect-src
Host
—
object-src
Keyword
—
'none'
frame-ancestors
Host
—
https://backoffice.staging.upfeel.io
frame-ancestors
Host
—
https://backoffice.prod.upfeel.io
form-action
Keyword
—
'none'
block-all-mixed-content
Source
—
(no sources)