Content-Security-Policy: upgrade-insecure-requests, frame-ancestors 'self';block-all-mixed-content;default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.webse.com.my https://*.posthog.com https://*.cloudflareinsights.com https://cdnjs.cloudflare.com https://google-analytics.com https://googletagmanager.com https://ssl.google-analytics.com https://tagmanager.google.com https://www.google-analytics.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://*.clarity.ms https://cloud.google.com;style-src 'self' 'unsafe-inline' cdnjs.cloudflare.com tagmanager.google.com www.googletagmanager.com fonts.googleapis.com;object-src 'none';frame-src 'self' scores.securityscorecard.io www.youtube.com *.webse.com.my www.google.com www.googletagmanager.com;child-src 'self' www.googletagmanager.com;img-src 'self' data: blob: *.google.com *.google-analytics.com cdnjs.cloudflare.com www.googletagmanager.com *.webse.com.my;font-src 'self' data: fonts.gstatic.com cdnjs.cloudflare.com;connect-src 'self' *.posthog.com *.google.com cdnjs.cloudflare.com stats.g.doubleclick.net www.google-analytics.com www.googletagmanager.com https://*.clarity.ms *.googleapis.com;manifest-src 'self';base-uri 'self';form-action 'self';media-src 'self';worker-src 'self';