Hi,
Now you have this response header which limits the requests:
content-security-policy: default-src 'self' https://www.paypal.com https://www.sandbox.paypal.com 'unsafe-inline' 'unsafe-eval'; img-src 'self' data: https://www.gstatic.com/ https://*.imgix.net https://*.analogwp.com https://*.premiumtemplates.io https://placehold.it https://*.mailchimp.com https://*.jupix.co.uk https://cdnjs.cloudflare.com https://pixel.sojern.com https://tag.yieldoptimizer.com https://secure.adnxs.com https://ib.adnxs.com https://tag.adaraanalytics.com https://tapestry.tapad.com https://pixel.rubiconproject.com https://dsum-sec.casalemedia.com https://us-u.openx.net https://ssl.gstatic.com https://ps.w.org https://library.elementor.com https://secure.gravatar.com https://*.google-analytics.com https://gpsites.co https://maps.gstatic.com https://*.googleapis.com https://*.googleusercontent.com https://www.paypal.com https://www.paypalobjects.com https://www.tripadvisor.co.uk https://static.tacdn.com https://p.travelsmarter.net https://s.w.org https://*.doubleclick.net; font-src 'self' data: https://*.googleapis.com https://fonts.gstatic.com https://static.tacdn.com; script-src 'self' https://xb3xxneyqc.execute-api.us-east-1.amazonaws.com https://xb3xxneyqc.execute-api.us-east-1.amazonaws.com https://coronabar-53eb.kxcdn.com https://*.google.com https://*.mailchimp.com https://mc.us3.list-manage.com https://*.googleapis.com https://chimpstatic.com https://www.googletagmanager.com https://apis.google.com https://platform.twitter.com https://connect.facebook.net https://*.google-analytics.com https://cdnjs.cloudflare.com https://www.google.com https://www.gstatic.com https://cdn.polyfill.io https://www.youtube.com https://s.ytimg.com https://www.jscache.com https://www.tripadvisor.com https://static.tacdn.com https://static.doubleclick.net https://googleads.g.doubleclick.net 'unsafe-inline' 'unsafe-eval'; connect-src 'self' https://xb3xxneyqc.execute-api.us-east-1.amazonaws.com https://*.lottiefiles.com https://www.google-analytics.com; style-src 'self' data: https://*.mailchimp.com https://cdnjs.cloudflare.com https://www.gstatic.com https://static.tacdn.com https://*.googleapis.com 'unsafe-inline'; worker-src 'self'; child-src https://facebook.com https://platform.twitter.com https://www.youtube.com; frame-src 'self' https://*.analogwp.com https://*.premiumtemplates.io/ https://*.google.com https://www.youtube-nocookie.com https://player.vimeo.com https://www.youtube.com https://*.facebook.com https://*.elementor.com; frame-ancestors 'self'; upgrade-insecure-requests;
You need to remove it or add translate.googleapis.com, translate.google.com to the list.
Please talk to your developer, it is a security concern, may be it is done for a reason.
Thanks! ??
