Content-Security-Policy: report-uri https://mon.gauthai-us.com/monitor_browser/collect/batch/security/?bid=EHI_H5&ev_type=csp&p=jMJf6k1GY6BA4KbmDVSsTh&v=3&s=657&b=oab; report-to csp-endpoint; upgrade-insecure-requests; default-src 'self' 'unsafe-eval' 'unsafe-inline' blob: bytedance: data: *.bing.com *.clarity.ms *.g.doubleclick.net *.facebook.com *.gauthstatic-us.com *.google.com *.googleusercontent.com *.gstatic.com *.tiktokcdn-us.com i.ytimg.com *.gauthmath.com www.googleadservices.com www.googletagmanager.com; base-uri 'none'; connect-src 'self' *.clarity.ms *.g.doubleclick.net *.facebook.com *.gauthai-us.com *.gauthmath.com *.us.gauthmath.com *.gauthstatic-us.com *.google.com *.pipopay.com *.pipopay.us *.tiktokcdn-us.com *.tiktokv.com *.tiktokv.us *.pipopayment.us fp.us.tiktokv.com region1.analytics.google.com ttwid.tiktokw.us www.google-analytics.com www.googleadservices.com www.googletagmanager.com mssdk-va.byteoversea.com region1.google-analytics.com; frame-ancestors 'self'; frame-src 'self' bytedance: *.googletagmanager.com *.pipopay.com *.pipopay.us *.tiktokcdn-us.com *.google.com *.pipopayment.us h5.gauthai-us.com www.youtube.com; object-src 'none'; script-src 'report-sample' 'self' 'unsafe-eval' *.clarity.ms *.gauthmath.com *.gauthstatic-us.com *.google.com *.tiktokcdn-us.com *.cdn-apple.com *.facebook.net *.g.doubleclick.net www.googletagmanager.com www.youtube.com sf16-website-login.neutral.ttwstatic.com; worker-src 'self' https: *.gauthstatic-us.com