Content-Security-Policy: script-src 'nonce-1xI/jSFab0FKqcZL0NKRiw==' 'strict-dynamic' 'self' https://*.fontawesome.com https://resources.myhelcim.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/releases/ https://pay.google.com/ https://accounts.google.com/gsi/intermediate https://*.helcim.app/helcim-pay/services/start.js https://signal.helcim.com https://accounts.google.com/gsi/client; connect-src 'self' https://*.fontawesome.com https://*.helcim.app https://secure.myhelcim.com https://api.myhelcim.com https://signal.helcim.com https://apm-proxy.helcim.com/apm/in https://maps.googleapis.com https://www.google.com https://accounts.google.com https://pay.google.com https://play.google.com https://www.gstatic.com https://maps.gstatic.com https://google.com/pay; img-src 'self' https://maps.googleapis.com https://www.gstatic.com https://maps.gstatic.com https://www.google.com https://pay.google.com https://accounts.google.com https://lh3.googleusercontent.com https://favicons/ https://images.myhelcim.com https://cloud-files.helcim.com data: blob:; form-action 'self' https://settings.helcim.com; frame-ancestors 'self' https://*.helcim.app https://*.myhelcim.com;frame-src https://secure.helcim.app/  https://www.google.com https://accounts.google.com https://pay.google.com; child-src https://www.google.com/; report-to csp-endpoint;