Content-Security-Policy: default-src 'self' *.startpage.com; script-src 'self' *.startpage.com *.verify.startingpage.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' *.startpage.com 'unsafe-inline'; img-src 'self' blob: data: *.startpage.com *.verify.startingpage.com; frame-ancestors 'self'; connect-src 'self' *.startpage.com *.verify.startingpage.com; worker-src blob:; base-uri 'self' *.startpage.com; report-uri https://www.startpage.com/do/cspvr