The Content-Security-Policy directive name 'data:' contains one or more invalid characters. Only ASCII alphanumeric characters or dashes '-' are allowed in directive names.
[Report Only] Refused to apply inline style because it violates the following Content Security Policy directive: "default-src 'self' cloudflareinsights.com *.cloudflareinsights.com cybersource.com *.cybersource.com google-analytics.com *.google-analytics.com googletagmanager.com *.googletagmanager.com myaccountinfo.com *.myaccountinfo.com mypurecloud.com *.mypurecloud.com pingdom.net *.pingdom.net". Either the 'unsafe-inline' keyword, a hash ('sha256-4Su6mBWzEIFnH4pAGMOuaeBrstwJN4Z3pq/s1Kn4/KQ='), or a nonce ('nonce-...') is required to enable inline execution. Note that hashes do not apply to event handlers, style attributes and javascript: navigations unless the 'unsafe-hashes' keyword is present. Note also that 'style-src' was not explicitly set, so 'default-src' is used as a fallback.