Content-Security-Policy: default-src 'self' self  *.google.com *.google.de *.google.co.uk *.google.co.jp *.google.co.kr *.google.com.au *.google.it *.google.es *.google.fr *.google.nl *.google.se *.google.ru *.google.pl  *.g.doubleclick.net *.google-analytics.com *.googletagmanager.com; connect-src 'self' api.ingenuitycloudservices.com api.thghosting.com quoteapi.ingenuitycloudservices.com quoteapi.thghosting.com access.ingenuitycloudservices.com access.thghosting.com login.ingenuitycloudservices.com login.thghosting.com login.vps.net  *.google.com *.google.de *.google.co.uk *.google.co.jp *.google.co.kr *.google.com.au *.google.it *.google.es *.google.fr *.google.nl *.google.se *.google.ru *.google.pl  *.g.doubleclick.net *.google-analytics.com *.analytics.google.com *.googletagmanager.com; frame-src 'self' login.ingenuitycloudservices.com login.thghosting.com login.vps.net  *.google.com *.google.de *.google.co.uk *.google.co.jp *.google.co.kr *.google.com.au *.google.it *.google.es *.google.fr *.google.nl *.google.se *.google.ru *.google.pl  *.googletagmanager.com *.g.doubleclick.net; font-src 'self' data:; img-src 'self' blob: data:  *.google.com *.google.de *.google.co.uk *.google.co.jp *.google.co.kr *.google.com.au *.google.it *.google.es *.google.fr *.google.nl *.google.se *.google.ru *.google.pl  *.g.doubleclick.net *.google-analytics.com *.googletagmanager.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.google-analytics.com *.googletagmanager.com *.g.doubleclick.net *.googleadservices.com; style-src 'self' 'unsafe-inline'; object-src 'none'; report-uri https://csp.thehut.net/thg; report-to csp