Content-Security-Policy | default-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com www.googletagmanager.com www.google.com www.gstatic.com *.aspnetcdn.com cdnjs.cloudflare.com platform.twitter.com cdn.syndication.twimg.com *.onesignal.com onesignal.com; style-src http: 'self' https: 'unsafe-inline'; font-src data: http: fonts.gstatic.com https: 'unsafe-inline' fonts.gstatic.com; img-src data: 'self' https: www.google-analytics.com *.twitter.com cdn.syndication.twimg.com pbs.twimg.com abs.twimg.com onesignal.com; object-src 'self';frame-src os.tc *.os.tc *.onesignal.com onesignal.com www.google.com syndication.twitter.com platform.twitter.com |