Content-Security-Policy: default-src 'self';  font-src * 'self' 'unsafe-eval' 'unsafe-inline' data: *.gstatic.com *.vercel.app *.here.com *.googleapis.com;  script-src 'unsafe-inline' 'unsafe-eval' 'self' *.webforms-here.com *.marketo.net *.marketo.com marketo.com vercel.live cdn.jsdelivr.net *.googletagmanager.com *.vimeo.com vimeo.com *.youtube.com *.vidyard.com vidyard.com youtu.be *.akamaized.net *.tiqcdn.com *.bizible.com *.contently.com *.d41.co *.tealiumiq.com *.doubleclick.net *.ytimg.com *.ipdata.co *.here.com *.vercel.app *.onrecruit.net *.ads.linkedin.com *.omniconvert.com *.newrelic.com *.cloudflare.com *.vercel-scripts.com;  style-src 'self' 'unsafe-inline' *.here.com *.marketo.com *.googleapis.com;  connect-src 'self' *.d41.co *.google.com *.contently.com *.tealiumiq.com *.mktoresp.com *.ipdata.co *.hereapi.com blob: *.here.com *.demdex.net *.marketo.net ipapi.co *.vercel.app *.doubleclick.net *.linkedin.com *.omniconvert.com *.nr-data.net *.api.here.com *.hereapi.com *.algolia.net *.algolianet.com *.algolia.io;  img-src * 'self' blob: data:;  frame-ancestors 'self' website.webforms-here.com app.contentful.com;  worker-src 'self' 'unsafe-eval' blob:;  child-src 'none';  object-src 'none';  frame-src 'self' *.webforms-here.com *.marketo.com *.marketo.net vercel.live *.googletagmanager.com *.vimeo.com vimeo.com *.youtube.com youtube.com youtu.be *.akamaized.net *.vidyard.com *.tags.tiqcdn.com *.contently.com *.doubleclick.net *.fls.doubleclick.net *.here.com flo.uri.sh *.flourish.studio javascript-apis.vercel.app here-rest-apis.vercel.app hxp-here-fleet-calculator.vercel.app *.widen.net *.kaltura.com;