Content-Security-Policy-Report-Only: default-src 'self' data: *.proofserve.com proofserve.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.proofserve.com *.stripe.com www.datadoghq-browser-agent.com *.posthog.com cdn.segment.com *.intercom.io *.intercomcdn.com cdn.jsdelivr.net www.googletagmanager.com maps.googleapis.com maps.gstatic.com *.typeform.com www.youtube.com; style-src 'self' 'unsafe-inline' *.proofserve.com fonts.googleapis.com cdn.jsdelivr.net api.mapbox.com; img-src 'self' data: blob: https:; font-src 'self' data: *.proofserve.com *.intercomcdn.com cdn.jsdelivr.net fonts.gstatic.com; connect-src 'self' data: *.proofserve.com proofserve.com *.stripe.com browser-intake-datadoghq.com *.browser-intake-datadoghq.com session-replay-datadoghq.com *.posthog.com *.typesense.net api.segment.io cdn.segment.com *.intercom.io wss://*.intercom.io *.intercomcdn.com *.intercom-messenger.com wss://*.intercom-messenger.com *.intercomusercontent.com www.googletagmanager.com *.google-analytics.com *.analytics.google.com *.mapbox.com maps.googleapis.com maps.gstatic.com *.amazonaws.com nominatim.openstreetmap.org; frame-src 'self' blob: *.proofserve.com *.stripe.com *.intercom.io intercom-sheets.com *.typeform.com www.youtube.com www.youtube-nocookie.com; media-src 'self' blob: https:; worker-src 'self' blob: cdn.jsdelivr.net; frame-ancestors 'self' *.proofserve.com; base-uri 'self'; form-action 'self' *.proofserve.com; object-src 'self' *.proofserve.com