default-src 'self' 'unsafe-eval' 'unsafe-inline' *.ads-twitter.com *.doubleclick.net *.facebook.com *.facebook.net *.google-analytics.com *.google.com *.googleadservices.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.hotjar.com *.hotjar.io *.hs-analytics.net *.hs-banner.com *.hs-scripts.com *.hsadspixel.net *.hsappstatic.net *.hscollectedforms.net *.hubapi.com *.hubspot.com *.hubspotusercontent00.net *.juni.co *.segment.io *.twitter.com *.usemessages.com ads-twitter.com blob: cdn.segment.com/analytics-next/bundles/* cdn.segment.com/analytics.js/v1/f7V8Ng68avpQBJYgxGLjVeC2qqa280uR/analytics.min.js cdn.segment.com/next-integrations/integrations/* cdn.segment.com/v1/projects/f7V8Ng68avpQBJYgxGLjVeC2qqa280uR/settings data: doubleclick.net facebook.com facebook.net google-analytics.com google.com googleadservices.com googleapis.com googletagmanager.com gstatic.com hotjar.com hotjar.io hs-analytics.net hs-banner.com hs-scripts.com hsadspixel.net hsappstatic.net hscollectedforms.net https: hubapi.com hubspot.com hubspotusercontent00.net juni.builder.salesforce-experience.com juni.co juni.my.site.com segment.io twitter.com usemessages.com ws: wss:;
frame-ancestors *.hubspot.com;
upgrade-insecure-requests;
base-uri 'self';
report-uri https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pubd6297f5218fd5ae0acdad59ac50f7215&dd-evp-origin=content-security-policy&ddsource=csp-report;