default-src 'none';
script-src 'self' 'unsafe-inline' https://www.google-analytics.com/analytics.js https://www.google.com/recaptcha/api.js https://www.googletagmanager.com/gtag/js https://www.googletagmanager.com/gtm.js https://www.gstatic.com/recaptcha/releases/pPK749sccDmVW_9DSeTMVvh2/recaptcha__en.js;
style-src 'self' 'unsafe-inline' https://fonts.googleapis.com;
img-src 'self' data: https://ps.w.org https://s.w.org/ https://secure.gravatar.com https://www.googletagmanager.com;
connect-src 'self' https://www.google-analytics.com;
font-src 'self' data: https://fonts.gstatic.com;
form-action 'self';
frame-ancestors 'none';
object-src 'none';
frame-src 'self' https://www.google.com;
worker-src 'self' blob:;
manifest-src 'none';
base-uri 'none';
upgrade-insecure-requests;