Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-inline' https:; style-src 'self' 'unsafe-inline' https:; font-src 'self' https:; img-src 'self' data: https: blob:; connect-src 'self' https://*.googleapis.com https://*.firebaseio.com https://*.cloudfunctions.net wss://*.firebaseio.com https://www.google-analytics.com https://region1.google-analytics.com https://generativelanguage.googleapis.com https://*.adtrafficquality.google https://*.clarity.ms https://fundingchoicesmessages.google.com https://al5sm.com https://*.al5sm.com https://rtmark.net https://*.rtmark.net https://255md.com https://*.255md.com https://n6wxm.com https://*.n6wxm.com https://nap5k.com https://*.nap5k.com https://tzegllo.com https://*.tzegllo.com https:; frame-src 'self' https://*.firebaseapp.com https://pagead2.googlesyndication.com https://tpc.googlesyndication.com https://googleads.g.doubleclick.net https://*.adtrafficquality.google https://fundingchoicesmessages.google.com; object-src 'none'; base-uri 'self';