Content-Security-Policy: default-src 'none'; connect-src 'self' https://*.limacharlie.io/ wss://*.limacharlie.io/ wss://*.firebaseio.com/.ws https://securetoken.googleapis.com/v1/token https://storage.googleapis.com/ https://o541605.ingest.us.sentry.io/ https://*.posthog.com/ https://identitytoolkit.googleapis.com/ https://us-central1-refractionpoint-lce.cloudfunctions.net/ https://fonts.gstatic.com/ https://fonts.googleapis.com/css2 https://apis.google.com/ https://www.google.com/ https://www.gstatic.com/ https://api.hsforms.com/submissions/v3/integration/ https://dialogflow.cloud.google.com/v1/cx/integrations/ https://downloads.limacharlie.io/urls https://www.limacharlie.com/ ; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/css2 https://www.gstatic.com/ https://fonts.googleapis.com/icon https://fonts.googleapis.com/css ; img-src 'self' https://storage.cloud.google.com/limacharlie-io/ https://*.googleusercontent.com/download/storage/v1/b/limacharlie-io/ https://storage.googleapis.com/ https://www.hpcsec.com/wp-content/uploads/2023/05/cropped-black-grey-rectangle-logo.png https://www.jumpsec.com/wp-content/uploads/2022/08/JUMPSEC-2021-Retina.png https://images.squarespace-cdn.com/content/v1/647a0e6d7e0f640683184bf4/d8bef655-332f-4709-b56e-0a5bc05fe009/full-logo-periwinkle.png https://www.misp-project.org/img/logo.png https://github.com/target/strelka/raw/master/misc/assets/strelka_banner.png https://img.youtube.com/ https://images.coursestack.com/ data: blob: ; font-src 'self' https://fonts.gstatic.com/s/ https://fonts.gstatic.com/l/ https://app.limacharlie.io/ data: ; frame-src 'self' https://refractionpoint-lce.firebaseapp.com/ https://js.stripe.com/ https://*.firebaseio.com/ https://www.google.com/ https://www.recaptcha.google.com/ ; script-src-elem 'unsafe-inline' 'self' https://*.firebaseio.com/ https://apis.google.com/ https://js.stripe.com/ https://*.posthog.com/ https://p.limacharlie.io/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.gstatic.com/dialogflow-console/ ; worker-src 'self' blob: ; manifest-src 'self'; report-uri https://o541605.ingest.us.sentry.io/api/5660726/security/?sentry_key=9aceeec567e940de825127c5c33fd825; report-to csp-endpoint;