Content-Security-Policy: default-src 'self' 'unsafe-eval' 'unsafe-inline' *.adroll.com *.bing.com *.calltrk.com *.doubleclick.net *.facebook.com *.facebook.net *.google-analytics.com *.google.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.hs-analytics.net *.hs-banner.com *.hs-script.com *.hsadspixel.net *.hscollectedforms.net *.hsforms.com *.hsforms.net *.hsleadflows.net *.hubapi.com *.hubspi.com *.hubspot.com *.licdn.com *.loopanalytics.com *.linkedin.com *.quora.com *.rackcdn.com *.salesloft.com *.oribi.io *.typekit.net *.upsellit.com *.wp.com *.youtube.com fonts.googleapis.com js.hs-scripts.com *.spline.design unpkg.com data:;