Content-Security-Policy: default-src 'none'; worker-src 'self' blob:; img-src * data:; script-src 'unsafe-eval' 'unsafe-inline' 'self' static.hsappstatic.net *.hscollectedforms.net *.clickcease.com cdn-cookieyes.com *.cdn-cookieyes.com *.amplitude.com *.hubspot.com cdn.shortpixel.ai *.cookiebot.com  *.youtube.com *.gstatic.com *.mouseflow.com *.redditstatic.com *.google.com *.bing.com  *.doubleclick.net *.hsleadflows.net  *.facebook.com *.facebook.net *.addtoany.com cdnjs.cloudflare.com *.vimeo.com *.hsforms.net *.hs-scripts.com *.hs-analytics.net *.hsadspixel.net *.hs-banner.com *.googletagmanager.com *.google-analytics.com snap.licdn.com *.googleapis.com; style-src 'self' 'unsafe-inline' *.cdn-cookieyes.com *.cookiebot.com *.shortpixel.ai *.addtoany.com *.googleapis.com *.fontawesome.com; font-src 'self' 'unsafe-inline' data: *.gstatic.com *.fontawesome.com; connect-src *.googleadservices.com yoast.com *.yoast.com *.hscollectedforms.net *.amplitude.com *.cookiebot.com cdn-cookieyes.com *.cdn-cookieyes.com *.cookieyes.com cookieyes.com *.reddit.com *.redditstatic.com *.googlesyndication.com *.google.com *.google.ca *.hubspot.com *.bing.com *.facebook.com *.doubleclick.net *.mailchannels.com *.linkedin.oribi.io *.addtoany.com *.googleapis.com hubspot-forms-static-embed.s3.amazonaws.com *.hubapi.com *.linkedin.com *.mouseflow.com analytics.google.com *.google-analytics.com *.hsforms.com; frame-ancestors 'self'; frame-src 'self' blob: *.mailchannels.com mailchannels.com *.googletagmanager.com *.cookiebot.com *.spotify.com *.doubleclick.net *.anchor.fm anchor.fm *.mailchannels.com *.hubspot.com *.google.com *.addtoany.com vimeo.com static.hsappstatic.net forms.hsforms.com *.hsforms.com *.vimeo.com youtube.com *.youtube.com; manifest-src 'self' mailchannels.com