Content-Security-Policy: report-uri https://csp.microsoft.com/report/Viva-Pulse-PROD; frame-ancestors 'self' https://teams.microsoft.com https://teams.cloud.microsoft https://loop.microsoft.com https://df.loop.microsoft.com https://dev.loop.microsoft.com https://local.loop.microsoft.com https://loop.cloud.microsoft https://loop.cloud.dev.microsoft http://localhost:* http://127.0.0.1:*;connect-src 'self' https://*.skype.com https://*.microsoftonline.com https://*.microsoft.com https://vivapulseapp.prod.microsoft.com wss://dogfood.augloop.svc.cloud.microsoft wss://*.dogfood.augloop.svc.cloud.microsoft wss://*.augloop-dogfood.officeppe.com wss://augloop.svc.cloud.microsoft wss://*.augloop.svc.cloud.microsoft wss://*.augloop.office.com https://arc.msn.com https://*.msauth.net https://*.office.net https://*.office.com https://*.office365.com https://js.monitor.azure.com https://*.live.com https://teams.cloud.microsoft;base-uri 'none'; worker-src 'self' https://*.office.com https://*.microsoftonline.com https://*.microsoft.com; default-src 'self'; form-action 'none'; upgrade-insecure-requests; manifest-src 'self'; block-all-mixed-content; media-src 'none'; object-src 'none'; script-src 'self' https://*.msauth.net https://*.msftauth.net https://*.office365.com https://*.office.net https://js.monitor.azure.com 'report-sample'; style-src 'unsafe-inline' 'self' 'report-sample';img-src 'self' https: data:; font-src 'self' https://*.sharepointonline.com https: data:; frame-src 'self' https://microsoft-onmicrosoft-com.access.mcas.ms https://*.office.com https://*.microsoftonline.com https://*.microsoft.com;