Content-Security-Policy: default-src https://*.shelf.io https://*.shelf-ssp.com * 'self' https://* https://*.s3.amazonaws.com; script-src https://*.shelf.io https://*.shelf-ssp.com * 'self' 'unsafe-inline' 'unsafe-eval' https://*.amazonaws.com https://*.polyfill.io https://*.google.com https://*.googleapis.com https://*.gstatic.com https://*.getbeamer.com https://*.intercom.io https://*.intercomcdn.com https://*.stripe.com https://*.pendo.io https://*.jsdelivr.net https://*.s3.amazonaws.com https://*.youtube.com https://*.vimeo.com; connect-src https://*.shelf.io https://*.shelf-ssp.com * 'self'; img-src data: https://*.shelf.io https://*.shelf-ssp.com * 'self' blob: chrome-extension://* https://*.s3.amazonaws.com http://* https://*; style-src https://*.shelf.io https://*.shelf-ssp.com * 'self' 'unsafe-inline' https://*.s3.amazonaws.com http://* https://*; object-src https://*.shelf.io https://*.shelf-ssp.com * 'self' https://*.amazonaws.com https://*.google.com https://*.googleapis.com https://*.gstatic.com https://*.intercom.io https://*.intercomcdn.com https://*.stripe.com https://*.pendo.io https://*.getbeamer.com https://*.s3.amazonaws.com; media-src https://*.shelf.io https://*.shelf-ssp.com * 'self' http://* https://*; font-src https://*.shelf.io https://*.shelf-ssp.com * 'self' http://* https://*; frame-src https://*.shelf.io https://*.shelf-ssp.com * 'self' http://* https://*; worker-src https://*.shelf.io https://*.shelf-ssp.com blob: