"), midi=self, otp-credentials=self, picture-in-picture=*, publickey-credentials-create=self, publickey-credentials-get=self, screen-wake-lock=self, serial=self, storage-access=*, usb=self, web-share=self, window-management=self, xr-spatial-tracking=self
content-security-policy: script-src 'strict-dynamic' https: 'nonce-JjkMGJ9rtp09mAVeKnSpWg==' https://via.intercom.io https://api.intercom.io https://api.au.intercom.io https://api.eu.intercom.io https://api-iam.intercom.io https://api-iam.eu.intercom.io https://api-iam.au.intercom.io https://api-ping.intercom.io https://nexus-websocket-a.intercom.io wss://nexus-websocket-a.intercom.io https://nexus-websocket-b.intercom.io wss://nexus-websocket-b.intercom.io https://nexus-europe-websocket.intercom.io wss://nexus-europe-websocket.intercom.io https://nexus-australia-websocket.intercom.io wss://nexus-australia-websocket.intercom.io https://uploads.intercomcdn.com https://uploads.intercomcdn.eu https://uploads.au.intercomcdn.com https://uploads.eu.intercomcdn.com https://uploads.intercomusercontent.com https://maps.googleapis.com https://maps.gstatic.com 'wasm-unsafe-eval'; object-src 'none'; base-uri 'none'; frame-ancestors 'self'; block-all-mixed-content; img-src 'self' data: blob: *.anthropic.com *.claude.ai *.claude.com *.ant.dev *.gstatic.com * https://js.intercomcdn.com https://static.intercomassets.com https://downloads.intercomcdn.com https://downloads.intercomcdn.eu https://downloads.au.intercomcdn.com https://uploads.intercomusercontent.com https://gifs.intercomcdn.com https://video-messages.intercomcdn.com https://messenger-apps.intercom.io https://messenger-apps.eu.intercom.io https://messenger-apps.au.intercom.io https://*.intercom-attachments-1.com https://*.intercom-attachments.eu https://*.au.intercom-attachments.com https://*.intercom-attachments-2.com https://*.intercom-attachments-3.com https://*.intercom-attachments-4.com https://*.intercom-attachments-5.com https://*.intercom-attachments-6.com https://*.intercom-attachments-7.com https://*.intercom-attachments-8.com https://*.intercom-attachments-9.com https://static.intercomassets.eu https://static.au.intercomassets.com; frame-src a-cdn.claude.ai a.claude.ai a.claude-ai.staging.ant.dev b.stripecdn.com embedded-dashboards.metronome.com forms.hsforms.com googletagmanager.com js.stripe.com m.stripe.network newassets.hcaptcha.com pay.google.com r.stripe.com www.google.com accounts.google.com www.youtube-nocookie.com https://intercom-sheets.com https://www.intercom-reporting.com https://www.youtube.com https://player.vimeo.com https://fast.wistia.net https://www.claudeusercontent.com https://www.claudemcpclient.com *.claudemcpcontent.com https://claude.ai; font-src 'self' assets.claude.ai assets-proxy.anthropic.com https://js.intercomcdn.com https://fonts.intercomcdn.com; form-action 'self' https://forms.hsforms.com https://intercom.help https://api-iam.intercom.io https://api-iam.eu.intercom.io https://api-iam.au.intercom.io; media-src 'self' cdn.sanity.io https://assets.claude.ai https://assets-proxy.anthropic.com https://js.intercomcdn.com https://downloads.intercomcdn.com https://downloads.intercomcdn.eu https://downloads.au.intercomcdn.com; upgrade-insecure-requests; worker-src 'self' a-cdn.claude.ai assets.claude.ai assets-proxy.anthropic.com a-cdn.anthropic.com s-cdn.anthropic.com
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: same-origin
x-activity-session-id: 3c9d7398-a5d7-4e26-830b-97da5b1f2c2e
x-request-pathname: /apple-touch-icon.png
cache-control: public, max-age=14400
last-modified: Tue, 03 Mar 2026 02:18:36 GMT
etag: W/"f56c-19cb17d7860"
x-envoy-upstream-service-time: 64
cf-cache-status: MISS
expires: Tue, 03 Mar 2026 19:27:25 GMT
accept-ranges: bytes
priority: u=6,i=?0
vary: Accept-Encoding
x-robots-tag: none
server: cloudflare
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri