Content-Security-Policy: frame-ancestors https://posthog.com https://preview.posthog.com

Content-Security-Policy-Report-Only: default-src 'self'; style-src 'self' 'unsafe-inline' https://*.posthog.com https://fonts.googleapis.com; script-src 'self' 'nonce-HZADtUeDhzaUwEENWmkHhw' https://*.posthog.com https://*.i.posthog.com; font-src 'self' https://*.posthog.com https://app-static.eu.posthog.com https://app-static-prod.posthog.com https://d1sdjtjk6xzm7.cloudfront.net https://fonts.gstatic.com https://cdn.jsdelivr.net https://assets.faircado.com https://use.typekit.net; worker-src 'self'; child-src 'none'; object-src 'none'; media-src https://res.cloudinary.com; img-src 'self' data: https://*.posthog.com https://posthog.com https://www.gravatar.com https://res.cloudinary.com https://platform.slack-edge.com https://raw.githubusercontent.com; frame-ancestors https://posthog.com https://preview.posthog.com https://vercel.com; connect-src 'self' https://www.posthogstatus.com https://*.posthog.com  https://raw.githubusercontent.com https://api.github.com; frame-src https:; manifest-src 'self'; base-uri 'self'; report-uri https://us.i.posthog.com/report/?token=sTMFPsFhdP1Ssg&sample_rate=0.1&v=2; report-to posthog