Content-Security-Policy-Report-Only: default-src 'self'; script-src 'self' 'report-sample' 'nonce-c2607db66481f5967c8f5b3aa00ff53f4d95cf6b9d43950c53c8c8934cb6a98941f37b734c76a970be8fdb7087b23628' stats.wp.com https://widgets.wp.com *.wordpress.com https://apis.google.com https://appleid.cdn-apple.com www.google-analytics.com use.typekit.net js.stripe.com js.verygoodvault.com www.paypal.com www.paypalobjects.com cdn.siftscience.com survey.survicate.com surveys-static-prd.survicate-cdn.com https://cdn.smooch.io https://static.zdassets.com *.zendesk.com https://www.gstatic.com https://static.ads-twitter.com https://connect.facebook.net https://snap.licdn.com www.redditstatic.com https://analytics.tiktok.com https://a.quora.com www.googletagmanager.com https://accounts.google.com https://bat.bing.com https://blackbox-api.wp.com; base-uri 'none'; style-src 'self' *.wp.com https://fonts.googleapis.com use.typekit.net surveys-static-prd.survicate-cdn.com https://cdn.smooch.io https://www.gstatic.com 'unsafe-inline'; form-action 'self'; object-src 'none'; img-src 'self' data: *.wp.com *.wp.org https://wordpress.com *.wordpress.com *.files.wordpress.com *.gravatar.com https://cdn.bsky.app https://video.bsky.app https://video.cdn.bsky.app https://t.co https://www.google-analytics.com *.doubleclick.net https://analytics.twitter.com https://www.facebook.com https://alb.reddit.com https://*.google.com https://*.google.com.my https://*.google.co.uk https://*.google.de https://*.google.fr https://*.google.es https://*.google.it https://*.google.ca https://*.google.com.au https://*.google.co.jp https://*.google.com.br https://*.google.com.pk https://*.google.co.in https://*.google.com.mx https://*.google.nl https://*.google.co.id https://*.google.cd https://*.google.lu https://*.google.com.tr https://*.google.sm https://*.google.com.ng https://*.google.co.ma https://gravatar.com https://linkmaker.itunes.apple.com https://cdn.smooch.io https://bat.bing.com https://amplifypixel.outbrain.com https://hexagon-analytics.com https://img.youtube.com *.ads.linkedin.com https://ps.w.org https://ts.w.org https://s.w.org https://woocommerce.com localhost:8888 p.typekit.net https://q.quora.com; frame-src 'self' https://public-api.wordpress.com https://accounts.google.com/ https://www.googletagmanager.com https://jetpack.com *.doubleclick.net *.wordpress.com js.stripe.com *.stripe.com *.verygoodsecurity.com www.paypal.com *.paypal.com https://blackbox-api.wp.com; font-src 'self' *.wp.com https://fonts.gstatic.com use.typekit.net https://woocommerce.com surveys-static-prd.survicate-cdn.com https://cdn.smooch.io data:; media-src 'self' blob: https://video.bsky.app https://video.cdn.bsky.app; connect-src 'self' https://*.wordpress.com/ wss://*.wordpress.com https://*.wp.com https://wordpress.com *.doubleclick.net https://api.wordpress.org https://pixel.wp.com https://*.google.com www.google-analytics.com https://region1.google-analytics.com https://www.googletagmanager.com https://www.facebook.com https://bat.bing.com https://px.ads.linkedin.com https://survey.survicate.com *.sentry.io *.reddit.com https://video.bsky.app https://video.cdn.bsky.app https://analytics.tiktok.com https://a.quora.com *.stripe.com api.stripe.com *.verygoodsecurity.com *.paypal.com *.zendesk.com wss://*.zendesk.com https://ekr.zdassets.com https://*.config.smooch.io; report-uri /cspreport