Content-Security-Policy: default-src 'self' 'unsafe-inline' 'unsafe-eval' faye.services.eu.connect.secureauth.com www.google.com www.gstatic.com www.googletagmanager.com *.google-analytics.com data: blob: assets.cdn.connect.secureauth.com fonts.googleapis.com fonts.gstatic.com cdn.jsdelivr.net authz.cloudentity.io *.risk.services.eu.connect.secureauth.com *.aisecurity.services.eu.connect.secureauth.com workforce.services.eu.connect.secureauth.com dbfp.services.eu.connect.secureauth.com wss: pages.secureauth.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.userpilot.io wss://*.userpilot.io https://*.qualified.com wss://*.qualified.com https://tiles.openfreemap.org; img-src 'self' data: https:; font-src data: https:; style-src 'self' 'unsafe-inline' https:; media-src https://docs.secureauth.com/resources/videos/;