I discovered the same issue. When I click on the avatar color to change it, there is no response: Thanks. Web Browser: Tried with both Firefox and Chrome Browser Version: Chrome Version 49.0.2623.112 , Firefox 51.0.1 (32-bit) Operating System: Windows Vista Service Pack 2 (I know I know. I'm upgrading by the end of the month) If Javascript is enabled: Yes Your anti-virus software: Malwarebytes Premium, 3.06 List of any browser add-ons or extensions enabled: None Refused to execute inline script because it violates the following Content Security Policy directive: "script-src 'self' 'unsafe-eval' https://*.googlesyndication.com https://*.doubleclick.net https://*.googlesyndication.com <a href="https://www.googletagservices.com" rel="nofollow">https://www.googletagservices.com</a> https://*.googlesyndication.com <a href="https://www.google-analytics.com" rel="nofollow">https://www.google-analytics.com</a> https://*.googlesyndication.com <a href="http://ajax.googleapis.com" rel="nofollow">http://ajax.googleapis.com</a> https://*.googlesyndication.com <a href="https://cdn.firebase.com" rel="nofollow">https://cdn.firebase.com</a> https://*.googlesyndication.com https://*.tokbox.com https://*.googlesyndication.com <a href="http://static.opentok.com" rel="nofollow">http://static.opentok.com</a> https://*.googlesyndication.com <a href="http://cdn.crowdin.com" rel="nofollow">http://cdn.crowdin.com</a> https://*.googlesyndication.com <a href="http://stun.l.google.com" rel="nofollow">http://stun.l.google.com</a>". Either the 'unsafe-inline' keyword, a hash ('sha256-IrEAwUUgLBzyKos+N0zANsDtEM/dLrz+6xUdD9irqlU='), or a nonce ('nonce-...') is required to enable inline execution. app.roll20.net/:13 Refused to execute inline script because it violates the following Content Security Policy directive: "script-src 'self' 'unsafe-eval' https://*.googlesyndication.com https://*.doubleclick.net https://*.googlesyndication.com <a href="https://www.googletagservices.com" rel="nofollow">https://www.googletagservices.com</a> https://*.googlesyndication.com <a href="https://www.google-analytics.com" rel="nofollow">https://www.google-analytics.com</a> https://*.googlesyndication.com <a href="http://ajax.googleapis.com" rel="nofollow">http://ajax.googleapis.com</a> https://*.googlesyndication.com <a href="https://cdn.firebase.com" rel="nofollow">https://cdn.firebase.com</a> https://*.googlesyndication.com https://*.tokbox.com https://*.googlesyndication.com <a href="http://static.opentok.com" rel="nofollow">http://static.opentok.com</a> https://*.googlesyndication.com <a href="http://cdn.crowdin.com" rel="nofollow">http://cdn.crowdin.com</a> https://*.googlesyndication.com <a href="http://stun.l.google.com" rel="nofollow">http://stun.l.google.com</a>". Either the 'unsafe-inline' keyword, a hash ('sha256-npngRtQYomQz2/PGlo3OMaFWOvAvrm65p+WFyZPCRuo='), or a nonce ('nonce-...') is required to enable inline execution. app.js?1485974604:31 70 app.js?1485974604:31 TOUCH SUPPORTED: false app.js?1485974604:31 USING WEBGL ACCELERATION... app.js?1485974604:31 WEBGL STARTUP SUCCESS app.js?1485974604:33 Custom Sheet Translation app.js?1485974604:26 select app.js?1485974604:26 Switch mode to select app.js?1485974604:42 Initializing new dice engine with randomness... app.js?1485974604:42 Using random entropy app.js?1485974604:46 Compiling sheet... app.js?1485974604:46 Found rolltemplate: us app.js?1485974604:46 Finding sheet rolls... jquery.1.8.2.min.js:2 Mixed Content: The page at '<a href="https://app.roll20.net/editor/" rel="nofollow">https://app.roll20.net/editor/</a>' was loaded over HTTPS, but requested an insecure font '<a href="http://imgsrv.roll20.net/?src=fonts.gstatic.com/s/specialelite/v5/9-wW4zu3WNoD5Fjka35Jm4kzzdU71mzyRvKBGWbyScU.woff" rel="nofollow">http://imgsrv.roll20.net/?src=fonts.gstatic.com/s/specialelite/v5/9-wW4zu3WNoD5Fjka35Jm4kzzdU71mzyRvKBGWbyScU.woff</a>'. This request has been blocked; the content must be served over HTTPS.p.fn.extend.addClass @ jquery.1.8.2.min.js:2 app.js?1485974604:47 window resize app.js?1485974604:32 Final set zoom! app.js?1485974604:31 UPDATE GL SIZE! app.js?1485974604:32 Final set zoom! tutorial_tips.js:7 tuts loaded app.js?1485974604:38 Final page load. app.js?1485974604:48 Refresh jukebox List! app.js?1485974604:38 Scan for new plays! app.js?1485974604:37 Auth'ed. app.js?1485974604:37 Go post auth! app.js?1485974604:37 initial setup app.js?1485974604:48 Refresh jukebox List! app.js?1485974604:35 r app.js?1485974604:37 Got players value... app.js?1485974604:37 joining game... jquery.1.8.2.min.js:2 Mixed Content: The page at '<a href="https://app.roll20.net/editor/" rel="nofollow">https://app.roll20.net/editor/</a>' was loaded over HTTPS, but requested an insecure font '<a href="http://imgsrv.roll20.net/?src=fonts.gstatic.com/s/specialelite/v5/9-wW4zu3WNoD5Fjka35Jm4kzzdU71mzyRvKBGWbyScU.woff" rel="nofollow">http://imgsrv.roll20.net/?src=fonts.gstatic.com/s/specialelite/v5/9-wW4zu3WNoD5Fjka35Jm4kzzdU71mzyRvKBGWbyScU.woff</a>'. This request has been blocked; the content must be served over HTTPS.a.getComputedStyle.bH @ jquery.1.8.2.min.js:2 app.js?1485974604:35 Full load page! app.js?1485974604:37 We have 1 pages app.js?1485974604:35 Player -KF4sye6ex1uAA0o2tIG is offline... app.js?1485974604:36 Global Volume: 100=1 app.js?1485974604:37 Deferred finish joining... app.js?1485974604:31 Firebase Online app.js?1485974604:44 Loading Roll20 Chat Event Handlers app.js?1485974604:40 refershing page listings! app.js?1485974604:37 handle page changes app.js?1485974604:37 false app.js?1485974604:48 Refresh jukebox List! app.js?1485974604:40 refershing page listings! app.js?1485974604:33 Do refresh link cache! app.js?1485974604:45 Refresh Journal List! app.js?1485974604:45 Search took 10ms app.js?1485974604:37 init active page! app.js?1485974604:35 activate page! app.js?1485974604:35 FULLY ACTIVATE VIEWS FOR PAGE. app.js?1485974604:35 Graphics: 8 app.js?1485974604:35 Paths: 0 app.js?1485974604:35 Reorder by ZORDER app.js?1485974604:38 Scan for new plays! app.js?1485974604:40 refershing page listings! app.js?1485974604:44 Didn't find a roll template called 'wod-3part'd20.textchat.incoming @ app.js?1485974604:44 app.js?1485974604:48 Refresh jukebox List! app.js?1485974604:34 Swapping <a href="https://s3.amazonaws.com/files.d20.io/images/1818" rel="nofollow">https://s3.amazonaws.com/files.d20.io/images/1818</a>... to <a href="https://s3.amazonaws.com/files.d20.io/images/1818" rel="nofollow">https://s3.amazonaws.com/files.d20.io/images/1818</a>... app.js?1485974604:35 Reorder by ZORDER app.js?1485974604:34 Swapping <a href="https://s3.amazonaws.com/files.d20.io/images/5204" rel="nofollow">https://s3.amazonaws.com/files.d20.io/images/5204</a>... to <a href="https://s3.amazonaws.com/files.d20.io/images/5204" rel="nofollow">https://s3.amazonaws.com/files.d20.io/images/5204</a>... app.js?1485974604:34 Swapping <a href="https://s3.amazonaws.com/files.d20.io/images/5207" rel="nofollow">https://s3.amazonaws.com/files.d20.io/images/5207</a>... to <a href="https://s3.amazonaws.com/files.d20.io/images/5207" rel="nofollow">https://s3.amazonaws.com/files.d20.io/images/5207</a>... app.js?1485974604:34 Swapping <a href="https://s3.amazonaws.com/files.d20.io/images/1360" rel="nofollow">https://s3.amazonaws.com/files.d20.io/images/1360</a>... to <a href="https://s3.amazonaws.com/files.d20.io/images/1360" rel="nofollow">https://s3.amazonaws.com/files.d20.io/images/1360</a>... app.js?1485974604:34 Swapping <a href="https://s3.amazonaws.com/files.d20.io/images/1092" rel="nofollow">https://s3.amazonaws.com/files.d20.io/images/1092</a>... to <a href="https://s3.amazonaws.com/files.d20.io/images/1092" rel="nofollow">https://s3.amazonaws.com/files.d20.io/images/1092</a>... app.js?1485974604:34 Swapping <a href="https://s3.amazonaws.com/files.d20.io/images/1491" rel="nofollow">https://s3.amazonaws.com/files.d20.io/images/1491</a>... to <a href="https://s3.amazonaws.com/files.d20.io/images/1491" rel="nofollow">https://s3.amazonaws.com/files.d20.io/images/1491</a>... app.js?1485974604:34 Swapping <a href="https://s3.amazonaws.com/files.d20.io/images/5752" rel="nofollow">https://s3.amazonaws.com/files.d20.io/images/5752</a>... to <a href="https://s3.amazonaws.com/files.d20.io/images/5752" rel="nofollow">https://s3.amazonaws.com/files.d20.io/images/5752</a>... app.js?1485974604:34 Swapping <a href="https://s3.amazonaws.com/files.d20.io/images/2828" rel="nofollow">https://s3.amazonaws.com/files.d20.io/images/2828</a>... to <a href="https://s3.amazonaws.com/files.d20.io/images/2828" rel="nofollow">https://s3.amazonaws.com/files.d20.io/images/2828</a>... app.js?1485974604:35 Reorder by ZORDER 2app.js?1485974604:34 setting src app.js?1485974604:30 Cols: 2 Rows: 3 app.js?1485974604:30 Took 5ms to generate cache. 6app.js?1485974604:34 setting src app.js?1485974604:45 playerId -KF4sye6ex1uAA0o2tIG app.js?1485974604:45 thisPlayer r app.js?1485974604:35 Uncaught TypeError: Cannot read property 'videoWidth' of undefined app.js?1485974604:48 Refresh jukebox List! app.js?1485974604:38 Scan for new plays! app.js?1485974604:45 playerId -KF4sye6ex1uAA0o2tIG app.js?1485974604:45 thisPlayer r app.js?1485974604:35 Uncaught TypeError: Cannot read property 'videoWidth' of undefined app.js?1485974604:48 Refresh jukebox List! app.js?1485974604:38 Scan for new plays! app.js?1485974604:48 Refresh jukebox List! app.js?1485974604:38 Scan for new plays! app.js?1485974604:45 playerId -KF4sye6ex1uAA0o2tIG app.js?1485974604:45 thisPlayer r app.js?1485974604:35 Uncaught TypeError: Cannot read property 'videoWidth' of undefined app.js?1485974604:48 Refresh jukebox List! app.js?1485974604:38 Scan for new plays! app.js?1485974604:47 window resize app.js?1485974604:32 Final set zoom! app.js?1485974604:31 UPDATE GL SIZE! app.js?1485974604:32 Final set zoom!