Content-Security-Policy: default-src 'self' https://qwww.aexp-static.com https://www.aexp-static.com script-src 'self' 'unsafe-inline' https://*.akstat.io https://www.googletagmanager.com https://www.google-analytics.com https://use.fontawesome.com https://*.go-mpulse.net https://fonts.gstatic.com  https://fonts.googleapis.com https://cdnjs.cloudflare.com style-src 'self' 'unsafe-inline' https://qwww.aexp-static.com https://www.aexp-static.com https://fonts.googleapis.com  img-src 'self' data: https://qwww.aexp-static.com https://www.aexp-static.com connect-src 'self' https://*.akstat.io https://*.go-mpulse.net https://*.akamaihd.net https://*.americanexpress.com  https://www.google-analytics.com frame-ancestors 'self' https://gim-qaeusw1.americanexpress.com https://gim.americanexpress.com https://cdaas.americanexpress.com report-uri /csp-report;